Question
Issue: How to restore files encrypted by GandCrab 5?
Hello, my computer recently got infected with GandCrab 5 ransomware, and all files are encrypted! Hackers demand to pay the ransom. Although, I'm not willing to support ransomware attacks and pay the money. Are there any other ways how to restore files encrypted by GandCrab 5? I would really appreciate your help. Thank you.
Solved Answer
GandCrab 5 is a variant of the infamous GandCrab ransomware virus[1]. Even though the original version of the malware was discovered only in January 2018, it already has numerous new versions. This particular variant is also extremely dangerous and can encrypt all files stored on the system.
According to the researchers, GandCrab 5 encrypts data using Salsa20 and RSA 2048[2] ciphers. Encoded files are appended with a randomly generated extension of five letters. It is essential to understand that once the files are encrypted, they become unusable unless decrypted.
Victims receive [randomly_generated_extension]-DECRYPT.html ransom note which includes information about GandCrab 5 ransomware attack. As usual, criminals demand to pay a specific ransom, but users must first contact them via TOR browser[3]. Such actions help hackers remain anonymous.
However, as any IT experts would say, you should NEVER pay the ransom. If you follow the demands of the crooks, you only finance and support future cyber attacks. We know it might seem that there is no other possible way to decrypt files encrypted by GandCrab 5 ransomware.
Luckily, our cybersecurity experts have prepared an easy step-by-step guide showing how to restore files encrypted by GandCrab 5 virus. You can find it at the end of this article. Note that the instructions consist of multiple methods, so try them all for the best results.
Ways to restore files encrypted by GandCrab 5
After you remove GandCrab 5 ransomware with a reliable antivirus software, we recommend scanning your system with FortectMac Washing Machine X9. This system optimization tool is designed to help ransomware victims repair the virus damage and improve computer's performance.
Method 1. Use official GandCrab decryptor
Security researchers at Bitdefender released yet another decryption tool that is capable of decrypting all GandCrab variants up to version 5.2. Simply download the application for the official blog here and perform the following:
- Run the executable file.
- Agree to terms and conditions.
- Click on Scan Entire System or select a specific folder you want the tool to decrypt files from.
Method 2. Restore files using backups
If you have backups stored on an external device, make sure that GandCrab 5 is removed from the computer before plugging it in. Otherwise, the malware will encrypt data on the external device as well.
- Plug in your external flash drive or another device;
- Once it is detected, select all files by pressing Ctrl + A;
- Click Ctrl + C to copy the data and paste it using Ctrl + V.
Method 3. Get Data Recovery Pro software
- Download and install Data Recovery Pro;
- Open the application and select Full Scan;
- Click Start Scan;
- Once it is finished, press the Recover button.
Method 4. Get your files back with Windows Previous Versions feature
Note that this method only works if you have enabled System Restore function before GandCrab 5 ransomware attack.
- Find an encrypted file and right-click on it;
- Select Properties and then go to the Previous Versions tab;
- Find the version before the attack and click Restore.
Method 5. Retrieve data with ShadowExplorer
Before you start, check if GandCrab 5 hasn't deleted Shadow Volume Copies from your system.
- Download and install ShadowExplorer;
- Open the application and find your drive;
- Select it and choose a location to export restored files;
- Click Export.
Recover files and other system components automatically
To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.
Access geo-restricted video content with a VPN
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
Don’t pay ransomware authors – use alternative data recovery options
Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try to use alternative recovery methods that could help you to retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files – Data Recovery Pro.
- ^ Julie Splinters. GandCrab ransomware. How to remove? (Uninstall guide). 2Spyware. Security and Spyware News.
- ^ Margaret Rouse. RSA algorithm (Rivest-Shamir-Adleman). SearchSecurity. TechTarget.
- ^ Tor (anonymity network). Wikipedia. The Free Encyclopedia.
