GandCrab V5.0.5 Ransomware is fifth generation of high-risk GandCrab Ransomware. Probably, this virus was developed in Russia. This crypto-extortor encrypts user and server data using the Salsa20 algorithm, and RSA-2048 is used for auxiliary key encryption. 5-th version appends .[5-random-letters] extension to encrypted files and creates ransom note called [5-random-letters]-DECRYPT.txt. Examples of ransom notes: VSVDV-DECRYPT.html, FBKDP-DECRYPT.html, IBAGX-DECRYPT.html, QIKKA-DECRYPT.html. GandCrab V5.0.5 Ransomware demands $800 ransom in BitCoins or DASH cryptocurrencies for decryption. However, often, malefactors deceive users and don’t send keys. Thus, victim won’t recover her/his files, but put credentials at risk on doubtful exchange of cryptocurrencies.
GandCrab V4 Ransomware fourth generation of notorious GandCrab Ransomware. Virus uses complex combination of AES-256 (CBC-mode), RSA-2048 and Salsa20 encryption algorithms. This particular version adds .KRAB extension to encrypted files and creates slightly different ransom note called KRAB-DECRYPT.txt. GandCrab V4 Ransomware demands ransom in BitCoins. Usually, it varies from $200 to $1000. Malware encrypts all types of files except ones in the whitelist and some necessary for Windows operation. All photos, documents, videos, databases get exncrypted after indection. Virus uses WMIC.exe shadowcopy delete command to remove shadow copies and reduce the chances of recovery. Unfortunately, at the moment we write this article, current decryption tools cannot decrypt GandCrab V4 Ransomware, but we will still provide links to this utilities as they can be updated any day.