How to remove GANDCRAB ransomware and decrypt .GDCB files


GANDCRAB ransomware is a big threat to your computer, as it will encrypt all your personal files. Encrypted files can’t be opened or accessed in any way. The ransomware is widely distributed by means of the RigEK toolkit. After finishing the encryption process, which uses a currently unknown cryptographic algorithm, this ransomware adds the .GDCB file extension to the name of every encrypted file. For example, the file music.mp3 turns into music.mp3.GDCB. Once the data on your computer is encrypted, GANDCRAB ransomware will create a GDCB-DECRYPT.txt text file in each folder with encrypted data or display a lock-screen window. You can find the demands and instructions on how to pay the ransom for the decryption key in this file or the window. In this article you can learn how to remove GANDCRAB ransomware and decrypt .GDCB files without paying a ransom.
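The two markers described above (the .GDCB suffix appended to the original file name and a GDCB-DECRYPT.txt note in each affected folder) are enough to inventory the damage before cleaning or restoring anything. The following Python script is an added example, not part of the original article; the function names and the report layout are assumptions, and it only reads directory listings.

```python
import os

ENCRYPTED_SUFFIX = ".gdcb"        # ".GDCB" per the article, compared case-insensitively
RANSOM_NOTE = "gdcb-decrypt.txt"  # "GDCB-DECRYPT.txt" per the article


def inventory_gdcb(root):
    """Read-only walk of `root`. Returns {folder: {"note": bool, "files": [...]}}
    for every folder that holds a ransom note or a file with the .GDCB suffix."""
    report = {}
    for folder, _dirs, names in os.walk(root):
        entry = {"note": False, "files": []}
        for name in names:
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                entry["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # music.mp3.GDCB -> music.mp3
                entry["files"].append({
                    "encrypted": name,
                    "original": original,
                    # True once a clean copy (e.g. restored from backup) sits beside it
                    "original_present": os.path.exists(os.path.join(folder, original)),
                })
        if entry["note"] or entry["files"]:
            entry["files"].sort(key=lambda f: f["encrypted"])
            report[folder] = entry
    return report


def summarize(report):
    """Totals for triage: how much was hit and what still lacks a clean copy."""
    files = [(folder, f) for folder, e in report.items() for f in e["files"]]
    return {
        "folders_with_note": sum(1 for e in report.values() if e["note"]),
        "encrypted_files": len(files),
        "still_missing": sorted(
            os.path.join(folder, f["original"])
            for folder, f in files if not f["original_present"]
        ),
    }


if __name__ == "__main__":
    import sys
    result = inventory_gdcb(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, entry in sorted(result.items()):
        print(f"{folder}: note={entry['note']} encrypted={len(entry['files'])}")
    print(summarize(result))
```

Running it again after a restore shows which files still have no clean copy next to their encrypted version.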


This is what the GANDCRAB ransom window contains:

– GandCrab –

But don’t worry, you can return all your files! We can help you!
Below you can choose one of your encrypted file from your PC and decrypt him, it is test decryptor for you.
But we can decrypt only 1 file for free.
[…] -Price-
1.5 DASH (1200 USD)
-DASH address for payment-
This process is fully automated, all payments is instant.
After your payment, please refresh this page and you can download here GandCrab Decryptor!
If you have any questions, please, don’t hesitate, and write in our Support service 24/7.

As you may see, the ransom amount will double after some time, which is nothing special: this kind of thing is common for ransomware viruses. Cyber criminals use this timer to make victims pay faster and without second thoughts. It is quite a strong psychological trick, but do not let these people frighten you; you can get rid of this threat yourself without paying any ransom. Here is the ransom note from the GDCB-DECRYPT.txt file:


All your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB
The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
1. Download Tor browser – hxxps://
2. Install Tor browser
3. Open Tor Browser
4. Open link in tor browser: hxxp://gdcbghvjyqy7jclk.onion/113737081e857d00
5. Follow the instructions on this page

If Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:
1. hxxp://
2. hxxp://
3. hxxp://
4. hxxp://
5. hxxp://

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

Do not try to modify files or use your own private key – this will result in the loss of your data forever!

GANDCRAB uses a typical ransomware scheme to force you to pay. After finishing the encryption process, the ransomware states that there is no way to recover your files other than paying the ransom. Cyber criminals demand a ransom of 1.5 Dash (~1130$), a cryptocurrency similar to bitcoin. Once you’ve made the payment, they are supposed to send you the decryption key. But you should know that nobody can guarantee that they will help you; don’t trust them, these cyber criminals are not going to do their part of the deal. Mostly they just ignore people who pay them. So please do not invest in this criminal scheme. Trust us, there’s no need to panic: GANDCRAB ransomware does very complicated encryption, but it does not damage, move or delete your files, which means you have a chance to recover your personal data.

How to remove GANDCRAB from your computer?

In order to get rid of GANDCRAB on your computer, the first thing you need to do is run a full scan of your PC with a proper anti-virus removal tool. To do so, take the following steps:

  1. Boot your computer in Safe Mode with Networking: press the F8 key before your system starts;
  2. You’ll see the Advanced Boot Options menu;
  3. Select Safe Mode with Networking and press Enter;
  4. Once your system has started in Safe Mode with Networking, open your web browser and download any proper anti-ransomware removal tool;
  5. Start a scan of the entire system;
  6. After the scan finishes, the program will remove the virus from your computer, so you can move on to recovering your files.

Unfortunately, there is no way to remove GANDCRAB ransomware manually, because the infection goes too deep into your system. You can remove the virus only with automatic removal tools. You may try to use SpyHunter to clean GANDCRAB ransomware from your system.

SpyHunter provides an opportunity to remove 1 detected malware for free during the trial period. The full version of the program costs $39,99 (you get 6 months of subscription).

How to decrypt .GDCB files encrypted by GANDCRAB?

Once you’ve removed the virus, you are probably thinking about recovering your files from encryption. Let’s take a look at the possible ways of decrypting your data.

Decrypt .GDCB files with automated decryption tools

Unfortunately, due to the novelty of GANDCRAB ransomware, there are no automatic decryptors available for this virus yet. Still, there is no need to invest in the malicious scheme by paying the ransom. You are able to recover files manually.

Decrypt .GDCB files manually

You can try one of these methods to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature works on Windows Vista (not the Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and find the folders you want to restore;
  2. Right-click on the folder and choose the Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select the restore date and the option you need: Open, Copy or Restore.

Restore the system with System Restore

You can always try to use System Restore to roll back your system to its state before the infection. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose a restore point from before the infection;
  4. Follow the on-screen instructions.

Restore data with Recuva


Recuva is a data recovery program for Windows, developed by Piriform. It is able to recover files that have been “permanently” deleted and marked by the operating system as free space.

  1. Once you’ve downloaded and installed this application, start it in Wizard mode: choose the Options button and then select Run Wizard;
  2. You will see the Welcome to the Recuva Wizard page; choose Next;
  3. Open the File Type page and choose the type of data you need to recover, then select Next. If you don’t know what kind of data you are looking for, choose the Other option;
  4. Choose the location to search in the File Location window;
  5. In the Thank you window, select Start. After the search finishes, Recuva will show you the results;
  6. Before recovering the data, tick the check boxes next to the files. You can see three types of colored dots. A green dot means that your chance to restore the file is excellent. An orange one means the chance to restore the file is acceptable. And a red one shows you that it’s unlikely to happen;
  7. Select the Recover option and choose the directory for the restored data.

How to protect PC from GANDCRAB?

HitmanPro.Alert's CryptoGuard

It’s a pretty difficult task to get rid of any ransomware, including GANDCRAB. But you can easily prevent any infection of your PC. HitmanPro.Alert’s CryptoGuard can help you with this problem. It’s one of the best anti-ransomware applications. No matter how sneaky it is, HitmanPro.Alert’s CryptoGuard will stop GANDCRAB from infiltrating your system. After detection, this program removes all data related to the ransomware and prevents your files from being encrypted.
