Remove Gandcrab 5.0.4 ransomware (Removal Instructions) - updated Feb 2020

GandCrab 5.0.4 ransomware is a decryptable variant of GandCrab family

Questions about Gandcrab 5.0.4 ransomware

• Decryption software for Gandcrab 5.0.4  24/06/19 1
• I was infected with GANDCRAB V5.0.4 ransomware  21/02/19 1
• Is there a gandcrab 5.0.4 decryption tool available yet?  06/02/19 1
• I have all my docs encrypted by Gandcrab 5 0 4  18/01/19 1
• Hi. How do I reinstall my OS after getting infected with GandCrab 5.0.4?  01/01/19 1

GandCrab 5.0.4 is ransomware that was first spotted in early October 2018 and is a variant of the infamous GandCrab virus. Upon infiltration, it encrypts data using RSA and Salsa 20 encryption algorithms, adds a random extension (for example, .GHMFJ) to each of the personal files, and drops a ransom note [random]-DECRYPT.txt. It is uploaded from a C2 server that is controlled by hackers to make sure victims are aware of what happened and what to do next. To retrieve access to personal data, users are asked to pay up in Bitcoin or Dash cryptocurrency. GandCrab v5.0.4 also swaps the desktop wallpaper to the one which looks like a brief ransom note. This variant of the virus is propagated with the help of Fallout exploit kit,^[1] the fake Windows defender update and some other distribution methods propagating output.114727762.txt and similar files which are malicious. Luckily, some virus versions are already decryptable^[2] with the help of Bitdefender's decryptor. Those who are unlucky can also try a tool provided by McAfee's security researcher Raj Samani.^[3] We provide all the links below.

To distribute malicious payload of earlier variants, hackers have been using RIG and GradSoft exploit kits.^[4] However, v5 utilizes the new Fallout exploit kit, as well as spam emails, malicious websites and ALPC Task Scheduler Zero-day exploit,^[5] making Gandcrab 5.0.4 ransomware one of the most rampantly growing threats in the past few weeks.

Just as like its previous variants, Gandcrab v5.0.4 virus uses sophisticated encryption algorithm RSA and Salsa20 to encrypt files such as videos, pictures, images, databases documents, and renders them useless. To retrieve access to the data, victims are urged to contact criminals via the TOR browser or a provided email address. The full ransomware note reads the following:

—= GANDCRAB V5.0.4 =—

Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .OBKBTXTN

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:

| 0. Download Tor browser – hxxps://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: hxxp://gandcrabmfe6mnef.onion/bba886b160b8e97e
| 4. Follow the instructions on this page 

—————–

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

—BEGIN GANDCRAB KEY—
–
—END GANDCRAB KEY—

—BEGIN PC DATA—
–
—END PC DATA—
———————

As usual, experts recommend avoiding any contact with cybercriminals and taking care of Gandcrab 5.0.4 ransomware removal instead. Hackers should never be trusted as they use clever social engineering to trick people into paying money. Malware authors can simply ignore you after the ransom is paid (they usually demand between $800 and $2400 in Bitcoin or Dash), so you will end up losing both – files and money. Thus, do not risk being a victim of a scam, as such scenario is highly plausible.

To remove Gandcrab 5.0.4 ransomware, you should download and install comprehensive security software, bring it up to date, enter Safe Mode with Networking and perform a full system scan. This should disable the virus temporary and allow the security program to operate correctly.

Only after Gandcrab v5.0.4 elimination, you should attempt file recovery. The latest variant of GandCrab is already decryptable. The tools that you can use are provided in our recovery guide below. Unfortunately, we have been informed that for some victims the decryption tool fails to work. In this case, try third-party methods.

GandCrab 5.0.4 is a ransomware infection that uses exploit kits, spam emails, malicious sites, and other propagation techniques to infiltrate the machines of thousands of users

Patch your software on time and be aware of spam email campaigns

Since the latest variant utilizes Fallout exploit kit, as well as vulnerability, make sure you patch your software regularly. Security updates are vital for any machine, as it blocks malicious payloads bypassing bugs inside the software. It is equally important to update security software on a regular basis, as detection databases are updated daily.

Nevertheless, be aware that new malware strings are emerging every day, so staying alert while browsing the internet and opening spam emails are vital to virtual safety. We recommend you stay away from the torrent, file-sharing, gambling, porn,^[6] and similar insecure sites. Likewise, opening email attachments from an unknown source is also a bad idea. If you are not sure if the email is legitimate, contact the company that is allegedly sending it, and confirm that email is not fake. Also, scanning the attached file with security software is recommended.

GandCrab 5.0.4 virus elimination and file recovery

Despite crooks' warnings, you should not delay Gandcrab 5.0.4 ransomware removal. The malware might compromise the safety of the machine, and allow other dangerous infections to slip through. Therefore, if you still do not have security software, download and install Reimage Reimage Cleaner or SpyHunter 5Combo Cleaner and run a full system scan. In some cases, the cyber threat might block anti-malware software, so entering Safe Mode with Networking might be a way out.

Only after you remove Gandcrab 5.0.4 virus, you can attempt file recovery. If you have backups available – do not connect the external device to the infected machine, of all your backups will be ruined and encrypted as well! If you do not have backups, follow our guide below to try alternative methods designed to help victims decrypt Gandcrab 5.0.4. There is also an official tool from Bitdefender that you can use to recover encrypted data. It is provided in the link below.

Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide