What is GANDCRAB V5.0 ransomware?
GANDCRAB V5.0 is continuation of a GandCrab ransomware viruses, that is spreading around the world terrifically fast. GANDCRAB V5.0 is as dangerous as any other version of this virus. The virus may infect any computer, that’s why we strongly recommend you to keep backups of the most important files and a proper anti-virus. The way this ransomware is distributed is very infectious: cyber criminals are hacking web sites and use them to spread their virus. Important fact – there is a confirmed information that the virus is spreading by using hacked and repacked with the ransomware installers of popular games and programs. If your computer is infected, you may use this instruction to remove GANDCRAB V5.0 ransomware and decrypt encoded data.
This ransomware may become a serious issue for your computer, because it will encrypt all the important, personal and sensitive data, like photos, audio files, videos, any documents (like MS Office data) and so on. GANDCRAB V5.0 uses Salsa20 and RSA-2048 encryption algorithms to encode the data. Encryption would not let you access enciphered files in any possible way. Once data on your computer is encrypted, GANDCRAB V5.0 ransomware will create [various numbers and characters]-DECRYPT.html (for example QIKKA-DECRYPT.html) file in each folder with the encrypted data and change desktop wallpapers to pidor.bmp. Here’s GANDCRAB V5.0 ransom note:
—= GANDCRAB V5.0 =—
All your files, documents, photos, databases and other important files are encrypted and have the extension: .XMMFA
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:>
•Download Tor browser – https://www.torproject.org/
• Install Tor browser
• Open Tor Browser
• Open link in TOR browser: http://gandcrabmfe6mnef.onion/e499c8afc4ba3647
• Follow the instructions on this page
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
This is the wallpaper pidor.bmp with the ransom message:
ENCRYPTED BY GANDCRAB V5.0
DEAR Admin YOUR FILES ARE UNDER STRONG PROTECTION BY OUR SOFTWARE.
IN ORDER TO RESTORE IT YOU MUST BUY DECRYPTOR
For further steps read XMMFA-DECRYPT.html that is located in every encrypted folder.
There is also an onion-website of GANDCRAB V5.0, where their victims can buy Gandcrab Decryptor:
Cyber criminals are trying to make it look like they offer their victims some kind of service, even though they just robbing them. In fact, there is a live chat:
After finishing encrypting process, the ransomware will state that there are no ways to recover your files but to buy GandCrab Decryptor for 2400$ in cryptocurrency (DASH or BitCoin). You should know that nobody can guarantee that they will help you, don’t trust them, these cyber criminals are not going to do their part of the deal. Still, there’s no need to panic, GANDCRAB V5.0 ransomware does very complicated encryption, but it does not damage, move or delete your files, which means you may recover your personal data.
How to remove GANDCRAB V5.0 from your computer?
Unfortunately, there are no possible ways to remove GANDCRAB V5.0 ransomware manually, because the infection goes too deep into your system. You may remove the virus only with automatic removal tool, use this one to clean your system from GANDCRAB V5.0 ransomware.
How to decrypt files encrypted by GANDCRAB V5.0?
Once you’ve removed virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Decrypt files with automated decryption tools
Unfortunately, due to novelty of GANDCRAB V5.0 ransomware, there are no available automatic decryptors for this virus yet. Still, there is no need to invest in malicious scheme by paying ransom. You are able to recover files manually.
Decrypt files manually
You can try to use one of these methods in order to restore your encrypted data manually.
Recover data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.
How to protect PC from GANDCRAB V5.0?
It’s pretty difficult task to get rid of any ransomware, including GANDCRAB V5.0. But you can easily prevent any infection of your PC. HitmanPro.Alert’s CryptoGuard can help you with this problem. It’s one of the best anti-ransomware applications. No matter how sneaky it is, HitmanPro.Alert’s CryptoGuard will stop GANDCRAB V5.0 infiltration to your system. After detection, this program removes all the related to the ransomware data and prevents your file from being encrypted.