GandCrab brings a lot of benefits to hackers if it gets to the computer. It doesn’t have a complex structure, however, it is very effective. As a result, users often come across with it online. The only way out is reinstallation of the current system, or you won’t eliminate this ransomware. Unfortunately, users will have to say goodbye to their computer stuff.
GandCrab is an item that you cannot ignore. It will encrypt all your files once it gets on the stage. And then, it will give the hint to contact them for tech help. It can incapacitate all the security applications which you rely on to recover your files, and that is also the reason why it could stay on your PC for long. Its developer will introduce himself as the only savior in this situation.
GandCrab drops a ransom note containing details about what happened to your files and how to recover it. Dissimilar to most ransom virus, GandCrab did not apply Bitcoin currency for payment. It provides a DASH address where victim can send the ransom. Malware author ask for 1.5 Dash or roughly $1200. It warned victims that the amount of ransom will be doubled if they failed to settle the said amount within the time limit given.
GDCB-DECRYPT.txt file content:
—= GANDCRAB =—
All your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB
The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
1. Download Tor browser – xxxxs://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in tor browser: xxxx://gdcbghvjyqy7jclk.onion/6361f798c4ba3647
5. Follow the instructions on this page
If Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
Do not try to modify files or use your own private key – this will result in the loss of your data forever!
When the money is received by hackers of GandCrab, users will get the decryption keys for a while. But don’t rush to salute it because it will also hover around you to take another chance. It could do more harm to the doomed-and-gloomed users. It will bring in viruses, malware, and the recipients have to take them because the liability. You will find that it looms around your PC in the future.
In case you want to stop GandCrab and save your computer items, we recommend you to delete it as soon as possible.
STEP 1. Recover files from GandCrab ransomware encryption
There are a lot of different ransomware viruses on the internet. Some of them are more dangerous than the others because they not only leaving malicious processes to protect themselves, but also removing backups of your system to make the recovery process impossible.
Please Note: Not all ransomware infections are able to remove backups of your system, so it is always worth to try a windows recovery method below. In order to protect your backups from this danger, try our Anti-Ransomware product:
We recommend use Safe Mode with command prompt to safely perform a recovery of your files. You will have to reboot your computer, so you better save this instruction some where on your hard drive or read if from second computer.
- Windows 7 users: You need to reboot your system and before its loaded constantly press “F8” button until you see boot options.
- Windows 8/10 users: Press the “Power” button from Windows login screen or Settings. Hold the Shift key on your keyboard and click on “Restart”
- After your computer reboots – Click on “Troubleshoot” – press “Advanced options” – “Startup Settings”
- Click the “Restart” button and your computer will reload again and show you the list with all options. You need to choose the “Safe Mode with Command Prompt”
- When your windows loads, enter the following line: cd restore and press Enter.
- After that type rstrui.exe line and press Enter.
- A recovery window will open before you, Click Next to proceed.
- In the next window, you need to choose a Restore point. All files in protected drives will be recovered at the time when this point was created (prior to the infection with GandCrab). In the case when ransomware removes these backups, there will be no Restore points listed. Select a Restore point and click “Next”.
- Click “Finish” in this window and confirm the recovery process by pressing “Yes“.
Simple example of how to recover your files from ransomware infection:
STEP 2. Removing GandCrab ransomware malicious files
Once the recovery process is complete, you should consider scanning your computer with a GridinSoft Anti-Malware in order to find any traces of GandCrab infection. Though some ransomware viruses are removing themselves right after the encryption of your files, some may leave malicious processes on your computer for special purposes of cyber criminals.
- Run GridinSoft Anti-Malware and choose the scan type, which is suitable for your needs. Of course, for the accuratest scan results we recommend you to choose the “Full Scan”.
- Give Anti-Malware a little time to check your system:
- Move to quarantine all the viruses and unwanted files, that you see in the results list:
- Enjoy the malware removal process:
Use of On-run protection may additionaly prevent different types of cyber attacks, our protect may flag the downloader of the ransomware as a malicious application preventing the download of GandCrab.
STEP 3. Prevent the GandCrab ransomware infection with GridinSoft Anti-Ransomware
Despite that some ransomware can remove backups of your OS, our product GridinSoft Anti-Ransomware is able to protect them from the removing in the first place. When some kind of a malicious program or ransomware virus tries to delete your backups, out program intercepts this request and blocks the sending process.
Note: that the product is still in Beta testing phase, some bugs and glitches are possible.
Besides the protection tool, you should read and learn few simple rules. Follow them every time you work on your computer and your will decrease chances of your infection to a minimum:
- Don’t open suspicious spam letters. No way! Be very careful with your downloads. Download and install software preferably from its official website.
- Do backups of your important files regularly. Storing your really important files in few different places is a good decision.
- Keep your system free from adware, hijackers and PUPs The infected computer will be more likely compromised with other malicious software, and ransomware is not an exception in this case.
- Don’t panic and be reasonable. Don’t pay the ransom fee right after you got infected, it is always best to search on the internet for some answers. It is possible that someone have developed a decryption tool that might help you.