Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery)

Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files
 (+File Recovery)


This page aims to help you remove GandCrab v5.2 Ransomware Virus for free. Our instructions also cover how any GandCrab v5.2 file can be recovered.
Sometimes, paying the ransom would indeed put an end to the whole situation and you would have your files returned to you. However, what’s the guarantee that instead of this happening the hackers won’t simply keep the money you send them and not give you anything in return that could allow you to regain the access to your data. Also, what if the sum requested is too high and you cannot pay it at the moment. For instances like this, we have prepared our guide and posted it on this page. The instructions in it will allow you to liberate your PC from the presence of GandCrab v5.2 and the added data recovery section will present you with some file restoration solutions that may be of help. The problem is that, as we said earlier, we can’t promise you anything when it comes to how much of your data you’d be able to restore. Still, it’s important to try all options that do not include paying the ransom since it’s never a good idea to send your money to cyber criminals.

In announcements by both Bitdefender and Europol, a decryptor for the GandCrab Ransomware was released that decrypts the latest versions of the ransomware.


SUMMARY:
NameGandCrab v5.2
TypeRansomware
Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
SymptomsMost infections of this type lack symptoms other than increased CPU and RAM use while the files are being encrypted.
Distribution MethodMalicious spam letters, random fake update requests and ads, pirated programs coming from illegal sites and so on.
Data Recovery ToolCurrently able 


The rise and fall of GandCrab
BleepingComputer has been following GandCrab since it was first released on January 28th, 2018, when it began to be distributed through a Ransomware-as-an-Affiliate system on underground hacker forums like Exploit.in.

When first released, the GandCrab Ransomware was being distributed through the RIG exploit kit and would encrypt a victim's files and append the .GDCB extension to their names.


Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery)
Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery)


Original GandCrab Ransom Note
The GandCrab developers had a penchant  for taunting researchers and organizations that monitored ransomware and the first release was no different.

When first release, the GandCrab devs sent BleepingComputer a taunt or message in their executable by naming one of their command & control servers after us and other organizations known to track ransomware.


These original C2s were:
-bleepingcomputer.bit-nomoreransom.bit-esetnod32.bit-emsisoft.bit-gandcrab.bit
While the GandCrab team hit some roadblocks along the with way with C2 servers being hacked and researchers releasing decryptors [1, 2, 3], when they announced their retirement this month, they also claimed to have earned massive amount of revenue. 

Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery)
Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery)




In a retirement post to the hacker forum Exploit.in, the ransomware developers claim to have earned $2 billion in ransom payments and $150 million in personal profit.


Remove GandCrab v5.2 Ransomware Virus

Step 1 :- 
Some of the steps will likely require you to exit the page. Bookmark it for later reference.


Reboot in Safe Mode (use this guide if you don’t know how to do it).



 Step 2 :-
The ransomware may still be hiding on your PC. To determine whether this is true, we recommend downloading  This 2 Antivirus And Scan  Your full PC. 




Step 3 :- 
Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts





A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:






Step 4 : -
Type each of the following in the Windows Search Field:

%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
%Temp%
Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!




How to Decrypt GandCrab encrypted files:- 

If you were infected with the GandCrab Ransomware v1, v4, and versions 5-5.2, then you will now be able to get your files back for free using an updated decryptor by Bitdefender.

Step 1:-
To get started, download the BDGandCrabDecryptTool.exe file from the following download link

Download :- .BDGandCrabDecryptTool.exe




Step 2:-

 Once downloaded, double-click on the program and you will be greeted with a license agreement, which you should accept.


 Decrypt GandCrab encrypted files
 Decrypt GandCrab encrypted files


The decryptor will open and display a notice that the machine needs to be connected for the Internet to work. This is because the decryptor will need to connect back to the Bitdefender servers in order to check for your decryption key and download it.







Step 3 :-
You will now be shown the main GandCrab decryptor screen as shown below. At this point you have the option to either decrypt the entire computer or a specific folder.







I suggest you test the decryptor again a folder first to make sure it works and that there are no issues. If successful, you can then select "Scan entire system" to decrypt the whole computer.



 Decrypt GandCrab encrypted files
How to Decrypt GandCrab encrypted files




Once you select the option you want, to begin decryption you need to click on the Start Tool button.

Once the decryption process is started, the decryptor will look for a ransom note to retrieve certain information, which is then uploaded to Bitdefender's servers. If a key can be found, it will be sent back to the decryptor.


Step 4 :-
Once a decryption key is retrieved and loaded, the decryptor will start to decrypt the files on your computer. You can track its progress by using the scroll bar in the decryptor window.


How to Decrypt GandCrab encrypted files
How to Decrypt GandCrab encrypted files







When done, the decryptor will state it's finished and alert you to any issues.

How to Decrypt GandCrab encrypted files
 Decrypt GandCrab encrypted files (+File Recovery)






If there are issues, you can click on the log file link to automatically open the %Temp%\BDRansomDecryptor\BDRansomDecryptor\BitdefenderLog.txt log file. This file will contain a summary of the decrypted files and any that were not able to be decrypted.

 Decrypt GandCrab encrypted files (+File Recovery)
 Decrypt GandCrab encrypted files (+File Recovery)



f you are a victim of the GandCrab ransomware, then Bitdefender's decryption tool is worth a try. If it succeeds in unlocking your files, you will be able to access your data once more without having to pay a dime to the cybercriminals
Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery) Remove GandCrab v5.2 Ransomware Virus & Decrypt GandCrab encrypted files (+File Recovery) Reviewed by Imtiaz Hasan on 12:48 PM Rating: 5

No comments:

Powered by Blogger.