
This article has been created to help explain how to remove GandCrab ransomware from your computer and how you can decrypt files for all versions of the virus, from the first one to the last one.

GandCrab ransomware is the type of malware that has become quite the celebrity among ransomware viruses. The virus aims to extort users into making a payment in Bitcoin or Dash in return for their encrypted files. The virus used a variety of different file extensions for its different variants. Below you can see all of the versions of GandCrab so far:

Luckily for all of the victims who have asked for decryptors, there is now a free decryption tool that uses a specific RSA-2048 private key, which BitDefender kindly provides in their GandCrab Decryption Tool. This news broke after the GandCrab creators released free decryption keys for the victims of the virus who are citizens of Syria.

GandCrab Ransomware Decryption – Update November 2018

A new version of GandCrab ransomware came out shortly after BitDefender released their decryption tool, costing the GandCrab developers around 1 million dollars. The new version is called GANDCRAB 5.0.5 and currently there is no decryption for it. However, you can check our file recovery and removal video of the 5.0.5 version, which contains more instructions and alternative methods that may help you restore at least some of the files encrypted by v5.0.5.

GandCrab Ransomware Decryption Instructions

The first versions of GandCrab (v1, v2 and v3) used AES-256 encryption in Cipher Block Chaining (CBC) mode. The newer versions (v4 and v5) use the Salsa20 algorithm. The virus used to encrypt a larger portion of each file, risking damage to it, but now it encrypts only a small portion of each file via Salsa20, enough to prevent the file from being opened. This is how the researchers managed to reach a breakthrough, and the result is the BitDefender GandCrab Decryptor. Below, you can find instructions on how to restore files encrypted by this version of GandCrab for free.

Important! Before decrypting your encrypted files, you will need to have at least one ransom note from your infection, which is required to recover the decryption key. So, before removing the virus files, make a copy of the ransom note on a flash drive or other external drive. Make sure to do this before scanning your PC.

The most preferred way to remove GandCrab ransomware is by downloading an anti-malware program and running a scan. Such a program is designed to remove malware automatically and to further protect the system.

Decryption Steps

Important! Before beginning decryption, make sure that you are connected to the internet, as the BitDefender GandCrab V1, V4, V5 Decryptor works with BitDefender’s servers to find the decryption keys and recover your files.

Step 1: Download the BitDefender GandCrab Decryptor by clicking on the download button underneath:

Step 2: Save the file where you can find it and run it:

Step 3: Agree with the Software License Agreement by clicking “I Agree”.

Step 4: If you want specific encrypted files in a single folder to be decrypted, select them by clicking on “Browse”. If you want all files on your computer to be decrypted, tick “Scan Entire System”.

Step 5: Do not forget to tick “Backup Files” before beginning, in case something goes wrong. If you see the “Ready to scan” indicator, click on the “Scan” button to begin the decryption process.

Step 6: The software will begin looking for the decryption keys. Be advised that this will take a significant amount of time, so arm yourself with patience.

Step 7: When the software has finished decrypting your files, you should find them in the folder:

Be sure to check that all of your files have been decrypted successfully before removing the encrypted ones. To remove the encrypted files, you can search for them using Windows search. Open “This PC” (My Computer) in Windows, then in the search bar at its top right type the following and search for it:

→ fileextension:{the extension of your files}

The files should start appearing and when the search is done, press CTRL+A to select all and then press Shift+Del to delete all of the files simultaneously:
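A scripted version of the check-then-delete step above, as an added example that is not part of the original article or of BitDefender's tool. It assumes the decrypted copy sits next to the encrypted file under the same name without the appended extension; `$Root`, `$Extension` and `$ReportCsv` are placeholder parameters to set for your own system.

```powershell
# Added example, not BitDefender's or the article's code.
# Assumptions: the decrypted copy sits beside the encrypted file under the same
# name minus the appended extension; all three parameters are placeholders.
param(
    [string]$Root      = "$env:USERPROFILE\Documents",
    [string]$Extension = '.EXAMPLEEXT',   # placeholder: the extension added to your files
    [string]$ReportCsv = "$env:TEMP\encrypted-file-report.csv"
)

# Find every file carrying the extension and classify it by whether a
# non-empty decrypted counterpart exists next to it.
$report = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq $Extension } |
        ForEach-Object {
            # Strip the appended extension to get the expected original path.
            $plainPath = $_.FullName.Substring(0, $_.FullName.Length - $Extension.Length)
            $plain = Get-Item -LiteralPath $plainPath -Force -ErrorAction SilentlyContinue
            $status = if (-not $plain -or $plain.PSIsContainer) { 'NoDecryptedCopy' }
                      elseif ($plain.Length -eq 0) { 'DecryptedCopyEmpty' }
                      else { 'DecryptedCopyPresent' }
            [pscustomobject]@{
                Encrypted = $_.FullName
                Decrypted = $plainPath
                Status    = $status
            }
        }
)

# Summary per status, plus a CSV that can be reviewed before anything is deleted.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$report | Export-Csv -Path $ReportCsv -NoTypeInformation

# Dry run: -WhatIf lists the encrypted files that would be deleted without
# deleting anything. Open a sample of the decrypted copies first; remove
# -WhatIf only once they are confirmed readable.
$report | Where-Object Status -eq 'DecryptedCopyPresent' |
    ForEach-Object { Remove-Item -LiteralPath $_.Encrypted -WhatIf }
```

Files reported as `NoDecryptedCopy` or `DecryptedCopyEmpty` are never passed to `Remove-Item`, so encrypted originals without a usable counterpart stay in place.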

Conclusion and Important Tips

Keep in mind that this decryption tool will first try to decrypt 5 files, and if this test does not pass, it will not continue, although the probability of that is very low. Also note that BitDefender researchers find it important to receive any feedback, so if you fail to decrypt your files, you should contact them at forensics@bitdefender.com and send them the log file of the decryption process, which is usually located in the %Temp%\BDRemovalTool directory.

Ventsislav Krastev: Ventsislav has been a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, and helping victims with the latest malware infections, plus testing and reviewing software and the newest tech developments. Having graduated in Marketing as well, Ventsislav also has a passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in the education of every user towards online safety and security.


