How to remove GANDCRAB 5.0.4 Ransomware and recover your files

What is GANDCRAB 5.0.4 ransomware

GANDCRAB 5.0.4 is the newest version of the GANDCRAB 5 ransomware, released in October 2018. It can be distributed through unprotected RDP configurations, email spam with malicious attachments, fraudulent downloads, exploits, web injections, fake updates, and repackaged or infected installers. GANDCRAB 5.0.4 encrypts all important files and then demands money to decrypt them. Use this guide to remove GANDCRAB 5.0.4 ransomware and decrypt GANDCRAB 5.0.4 files.

GANDCRAB 5.0.4 uses the Salsa20 and RSA-2048 encryption algorithms to encode a victim's personal data. Encrypted data is not accessible, and the user can't open or run encrypted files. The virus may encipher all important files: documents of any kind (such as MS Office), photos, videos, audio files, email files and so on. The cyber criminals then offer a simple deal: $2400 in cryptocurrency (in this particular case Bitcoin or DASH) for decryption (the reverse of encryption). You may find this offer in any ransom note of this virus.

The ransomware drops a file named [random characters and numbers]-DECRYPT.html (for example, XMMFA-DECRYPT.html).

The virus also changes the desktop wallpaper to pidor.bmp, which carries a blackmail message:

ENCRYPTED BY GANDCRAB 5.0.4
DEAR %Username% YOUR FILES ARE UNDER STRONG PROTECTION BY OUR SOFTWARE.
IN ORDER TO RESTORE IT YOU MUST BUY DECRYPTOR
For further steps read DQXOO-DECRYPT.html that is located in every encrypted folder.

You may find more information on their onion-site, here is the first page:

We are sorry, but your files have been encrypted!
Don’t worry, we can help you to return all of your files!
Files decryptor’s price is 2400 USD
If payment isn’t made until 2018-07-20 02:32:41 UTC the cost of decrypting files will be doubled
Amount was doubled!
Time left to double price:
—————————————————————————————–
What the matter? Buy GandCrab Decryptor Support is 24/7 Test decrypt
—————————————————————————————–
Please turn on javascript!!
What the matter?
Your computer has been infected with GandCrab Ransomware. Your files have been encrypted and you can’t decrypt it by yourself.
In the network, you can probably find decryptors and third-party software, but it won’t help you and it only can make your files undecryptable
What can I do to get my files back?
You should buy GandCrab Decryptor. This software will help you to decrypt all of your encrypted files and remove GandCrab Ransomware from your PC.
Current price: $2,400.00. As payment, you need cryptocurrency DASH or Bitcoin
What guarantees can you give to me?
You can use test decryption and decrypt 1 file for free
What is cryptocurrency and how can I purchase GandCrab Decryptor?
You can read more details about cryptocurrency at Google or here.
As payment, you have to buy DASH or Bitcoin using a credit card, and send coins to our address.
How can I pay to you?
You have to buy Bitcoin or DASH using a credit card. Links to services where you can do it: Dash exchanges list, Bitcoin exchanges list
After it, go to our payment page Buy GandCrab Decryptor, choose your payment method and follow the instructions

And the second page:

Please turn on javascript!!
DASH
Bitcoin
Promotion code
Payment amount: 12.14390528 DSH ( $2,400.00 )
1 DSH = $197.63
Buy cryptocurrency DASH. Here you can find services where you can do it.
Send 12.14390528 DSH to the address:
Please turn on javascript!!
Attention!
Please be careful and check the address visually after copy-pasting (because there is a probability of a malware on your PC that monitors and changes the address in your clipboard)
If you don’t use TOR Browser:
Send a verification payment for a small amount, and then, make sure that the coins are coming, then send the rest of the amount.
We won’t take any responsibility if your funds don’t reach us
After payment, you will see your transactions bellow
The transaction will be confirmed after it receives 3 confirmations (usually it takes about 10 minutes)
Transactions list
TX Amount Status
None
This process is fully automated, all payments are instant.
After your payment, please refresh this page and get an opportunity to download GandCrab’s Decryptor!

Important note: To infect its victims, GANDCRAB 5.0.4 relies on fraudulent downloads: hacked, repacked (RePack) and infected installers of popular programs, games and other software. When users download and run any of these infected programs, they install GANDCRAB 5.0.4. We must also warn you that cyber criminals usually do not answer their victims, so there is no point in spending a large sum on a ransom, especially when you can remove the virus by using this guide.

Here’s the list of extensions that GANDCRAB 5.0.4 ransomware will encrypt:

.cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .shw, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpg
These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives and so on.

Be cautious

It is common knowledge that most ransomware viruses use spam emails as a method of distribution. Cyber criminals hide their viruses in email messages with infected attachments so that victims open them voluntarily, which makes infiltration much easier. That's why we strongly recommend not opening suspicious attachments in emails from unknown senders. Cyber crooks use anything that can push a user to open such an email: fake memos, messages from big and trusted shops like Amazon or eBay, congratulation letters about winning an expensive gadget or a big sum of money, and so on. One example is a German-language letter that a victim of GANDCRAB may receive.

There are two solutions to this problem. The first is to use a special Removal Tool. Removal Tools delete all instances of malware in a few clicks and save the user time. Alternatively, you can use the Manual Removal Guide, but you should know that it might be very difficult to remove GANDCRAB 5.0.4 ransomware manually without a specialist's help.

GANDCRAB 5.0.4 Removal Guide

  1. Download GANDCRAB 5.0.4 Removal Tool.
  2. Remove GANDCRAB 5.0.4 from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. How to restore files
  4. How to protect PC from future infections.

How to remove GANDCRAB 5.0.4 ransomware automatically:

Download Norton Security

Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

Windows compatible

Manual GANDCRAB 5.0.4 Removal Guide

Here are step-by-step instructions on how to remove GANDCRAB 5.0.4 from Windows and Mac computers. Follow these steps carefully and remove the files and folders belonging to GANDCRAB 5.0.4. First of all, you need to run the system in Safe Mode. Then find and remove the relevant files and folders.

Uninstall GANDCRAB 5.0.4 from Windows or Mac

Here is the list of files and registry keys confirmed to be related to the ransomware. You should delete them in order to remove the virus; however, it would be easier to do so with our automatic removal tool. The list:

-DECRYPT.html
%s-DECRYPT.html
%s-DECRYPT.txt
XMMFA-DECRYPT.html
IBAGX-DECRYPT.html
QIKKA-DECRYPT.html
KRAB-DECRYPT.html
KRAB-DECRYPT.txt
CRAB-DECRYPT.txt
pidor.bmp
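
An added example (not part of the original guide and not a vendor tool): a read-only Python scan that uses the file names listed above to find folders holding a ransom note or the wallpaper file. The regular expression, the function names and the sample folder tree are assumptions constructed for illustration. Because the wallpaper message says a note is placed in every encrypted folder, the folders returned show where encryption took place.

```python
import os
import re
import tempfile

# Built from the note names in this guide (XMMFA-DECRYPT.html, KRAB-DECRYPT.txt,
# -DECRYPT.html). The exact character class is an assumption.
NOTE_RE = re.compile(r"^[A-Z0-9]*-DECRYPT\.(html|txt)$", re.IGNORECASE)
WALLPAPER = "pidor.bmp"


def scan(root):
    """Return {folder: [artifact names]} for every folder under root that
    holds a ransom note or the wallpaper file. Nothing is modified."""
    hits = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        found = sorted(f for f in files
                       if NOTE_RE.match(f) or f.lower() == WALLPAPER)
        if found:
            hits[folder] = found
    return hits


def summarize(hits):
    """Count affected folders, ransom notes and wallpaper files."""
    names = [n for found in hits.values() for n in found]
    return {"folders": len(hits),
            "notes": sum(1 for n in names if NOTE_RE.match(n)),
            "wallpapers": sum(1 for n in names if n.lower() == WALLPAPER)}


def build_sample_tree(root):
    """Constructed sample data: empty files named like the artifacts above."""
    layout = {
        "Documents": ["report.doc", "XMMFA-DECRYPT.html"],
        "Documents/old": ["KRAB-DECRYPT.txt", "notes.txt"],
        "Pictures": ["holiday.jpg"],                    # clean folder
        "Temp": ["pidor.bmp", "how-to-decrypt.html"],   # second name must not match
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        for folder, found in sorted(result.items()):
            print(os.path.relpath(folder, tmp), found)
        print(summarize(result))
```

To check a real machine, call scan() on a user profile or drive root and keep the output with the incident notes before anything is deleted.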

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to GANDCRAB 5.0.4 by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to GANDCRAB 5.0.4 by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to GANDCRAB 5.0.4 by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to GANDCRAB 5.0.4 by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and hold the Shift button before the system loads;
  3. Release Shift button, when Apple logo appears;
  4. Find programs or files potentially related to GANDCRAB 5.0.4 by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed information on data recovery software in this article: recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

This program can restore the encrypted files; it is easy to use and very helpful.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!

Download Stellar Data Recovery


Restore encrypted files using Recuva

There is an alternative program that you may use: Recuva.

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, mark them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent a ransomware infection because of the consequences it may bring. Resolving issues with encoder viruses is difficult, which is why it is vital to keep proper and reliable anti-ransomware software on your computer. In case you don't have any, here you may find some of the best offers to protect your PC from disastrous viruses.

Malwarebytes

Download Norton Security

SpyHunter is a reliable anti-malware application that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.

Additional information

In case these instructions do not help, you may use our decryption service. First of all, please note the following:

  1. Decryption by our service usually takes at least 5 business days.
  2. Our service may process about 3-4 test files from different directories, each no larger than 8 MB.
  3. The files must be unique files from your computer; they must not be files that may be found in open access on the internet.
  4. Once the test decryption and analysis procedures are finished, we will inform you about the possibility, cost and term of decryption.

Now you are ready to fill up the form below, thank you for your cooperation:
