GandCrab v5.3 Ransomware is probably imposter of original GandCrab Ransomware family. However, it still encrypts files in similar fashion to GandCrab v5.2 Ransomware. Encrypted files get .[5-6-7-8-random-letters] extension and ransom note file has different name: [5-6-7-8-random-letters]-MANUAL.txt, however, still looks identical to previous generation. After debugging executable files security specialists find ironical comments “Jokeroo, new ransom”, “We rulez!!”. Jokeroo is a new Ransomware-as-a-Service, that is promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server. GandCrab Ransomware grows into separate industry, where people with bad intentions and basic computer knowledge can earn money with this criminal schemes. Some of the previous versions of GandCrab Ransomware could be decrypted with speciql decryptor from BitDefender, we will provide download link for this tool below.
GandCrab v5.2 Ransomware was released just few hours before Europol, Romanian Police and Bitdefender released full-functional decryption tool for all previous versions of virus, up to GandCrab v5.1 Ransomware. Updated version of GandCrab adds .[5-6-7-8-9-10-random-letters] extension and ransom note file will get such name: [5-6-7-8-9-10-random-letters]-DECRYPT.txt and [random-letters]-DECRYPT.html. It is reported that many IT companies and managed service providers have been infected and affected by the GandCrab Ransomware. Some of the previous versions had decryptor from BitDefender, we will provide download link for this tool below. There is a possibility, that program will be updated to work with GandCrab v5.2 Ransomware. Meanwhile, we recommend you to use standard Windows functions, such as shadow copies, previous versions of files, restore point to attempt recovering your files. Using special file-recovery software often helps to restore many files, remover by the user earlier and not touched by the virus.
GandCrab v5.1 Ransomware is fifth generation of very dangerous and harmful GandCrab Ransomware. It is yet unknown what type of encryption algorithm it uses. Virus assigns randomly generated identification code to each particular user. It looks like set of 8 letters and GandCrab v5.1 Ransomware uses it to create .[random-letters] extension and ransom note filename will look like this: [random-letters]-DECRYPT.txt and [random-letters]-DECRYPT.html. The contents of this ransom note is slightly different from previous versions of this malware. Unfortunately, files encrypted by GandCrab v5.1 Ransomware are currently not decryptable. However, as some of the previous versions had decryptor from BitDefender, we will provide download link for this tool below. There is a possibility, that they will update the program to decrypt latest instances of GandCrab Ransomware. We also provide general manual instructions, that can, in many cases, help you restore some or even all encrypted files. All these methods are worth trying.
GandCrab V4 Ransomware fourth generation of notorious GandCrab Ransomware. Virus uses complex combination of AES-256 (CBC-mode), RSA-2048 and Salsa20 encryption algorithms. This particular version adds .KRAB extension to encrypted files and creates slightly different ransom note called KRAB-DECRYPT.txt. GandCrab V4 Ransomware demands ransom in BitCoins. Usually, it varies from $200 to $1000. Malware encrypts all types of files except ones in the whitelist and some necessary for Windows operation. All photos, documents, videos, databases get exncrypted after indection. Virus uses WMIC.exe shadowcopy delete command to remove shadow copies and reduce the chances of recovery. Unfortunately, at the moment we write this article, current decryption tools cannot decrypt GandCrab V4 Ransomware, but we will still provide links to this utilities as they can be updated any day.
GandCrab V5.0.5 Ransomware is fifth generation of high-risk GandCrab Ransomware. Probably, this virus was developed in Russia. This crypto-extortor encrypts user and server data using the Salsa20 algorithm, and RSA-2048 is used for auxiliary key encryption. 5-th version appends .[5-random-letters] extension to encrypted files and creates ransom note called [5-random-letters]-DECRYPT.txt. Examples of ransom notes: VSVDV-DECRYPT.html, FBKDP-DECRYPT.html, IBAGX-DECRYPT.html, QIKKA-DECRYPT.html. GandCrab V5.0.5 Ransomware demands $800 ransom in BitCoins or DASH cryptocurrencies for decryption. However, often, malefactors deceive users and don’t send keys. Thus, victim won’t recover her/his files, but put credentials at risk on doubtful exchange of cryptocurrencies.