What is GANDCRAB V4 ransomware
GANDCRAB V4 is the newest version of GandCrab ransomware. The previous versions of this dangerous virus were disastrous and have spread all around the world. Thousands of users got their computers infected with this terrible encoder. GandCrab is so far one of the biggest ransomware threats, that’s why it is so important to protect yourself with a proper anti-virus software or do some backups of your data. When GANDCRAB V4 sneak into victim’s computer, it will start encryption procedure, then encode all the important files (documents, photos, videos) with AES-256 (CBC mode) and RSA-2048 encryption algorythm. If your computer is infected, use this guide in order to remove GANDCRAB V4 ransomware and decrypt .KRAB files.
GANDCRAB V4 uses malicious DOC files with infection-macros, so that it will trigger when it’s opened. When the infection is finished, the ransomware will encrypt all user’s files and add .KRAB extension to their names. When the file is encoded, a user can’t access them in any possible way. Cyber criminals are trying to blackmail their victims – they will decode these .KRAB files in exchange for money. You may find these demands in KRAB-DECRYPT.txt file. We must warn you that usually cyber criminals do not answer to their victims, so there is no use to spend money on a shady ransom, especially when you can remove the virus and recover your data by using this guide.
–= GANDCRAB V4 =—
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
—————————————————————————————-
| 0. Download Tor browser – https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: ***
| 4. Follow the instructions on this page
—————————————————————————————-
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
—BEGIN GANDCRAB KEY—
lAQAADcGuK2O86SjorV5S***2252_chars***3xoPSX/TrEnwTiQ76HdztGYuXZ4KO7rogc=
—END GANDCRAB KEY—
—BEGIN PC DATA—
wfKD6iudumBkmpL8IRr4U7***76_chars***mMngioqtOiJtTit2DjRIuBtNYA==
—END PC DATA—
Here’s the list of extensions that GANDCRAB V4 ransomware will encrypt:
.cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .shw, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpg
These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives and so on.
There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove GANDCRAB V4 ransomware manually without specialist’s help.
GANDCRAB V4 Removal Guide
- Download GANDCRAB V4 Removal Tool.
- Remove GANDCRAB V4 from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- How to restore files
- How to protect PC from future infections.
How to remove GANDCRAB V4 ransomware automatically:
This removal tool can help you to get rid of this nasty virus and clean up your system. In case you need a proper and reliable solution, we recommend you to download and try it. This anti-ransomware removal tool is able to detect and remove GANDCRAB V4 ransomware from your system.
Manual GANDCRAB V4 Removal Guide
Here is step-by-step instructions on how to remove GANDCRAB V4 from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to GANDCRAB V4. First of all, you need to run system in a Safe Mode. Then find and remove needed files and folders.
Uninstall GANDCRAB V4 from Windows or Mac
Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
CRAB-DECRYPT.txt (KRAB-DECRYPT.txt)
Crack_Ghost_Mouse_Auto_Clicker.exe
1.pdf
1.exe
GANDCRAB.exe
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to GANDCRAB V4 by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to GANDCRAB V4 by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to GANDCRAB V4 by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to GANDCRAB V4 by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to GANDCRAB V4 by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
This program can restore the encrypted files, it is easy to use and very helpful.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that you may use – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.
this ransomware was so annoying, glad i finally get rid of it, thanks
I am glad to hear it, Cihan Erdem.
i agree, these instructions worked for me too!
thanks, data recovery is a thing!!!
i tried to restore files with recuva, did not helped me much. Stellar Phoenix Windows Data Recovery did, though