Issue: How to restore files encrypted by GandCrab 5?
Hello, my computer recently got infected with GandCrab 5 ransomware, and all files are encrypted! Hackers demand to pay the ransom. Although, I'm not willing to support ransomware attacks and pay the money. Are there any other ways how to restore files encrypted by GandCrab 5? I would really appreciate your help. Thank you.
GandCrab 5 is a variant of the infamous GandCrab ransomware virus. Even though the original version of the malware was discovered only in January 2018, it already has numerous new versions. This particular variant is also extremely dangerous and can encrypt all files stored on the system.
According to the researchers, GandCrab 5 encrypts data using Salsa20 and RSA 2048 ciphers. Encoded files are appended with a randomly generated extension of five letters. It is essential to understand that once the files are encrypted, they become unusable unless decrypted.
Victims receive [randomly_generated_extension]-DECRYPT.html ransom note which includes information about GandCrab 5 ransomware attack. As usual, criminals demand to pay a specific ransom, but users must first contact them via TOR browser. Such actions help hackers remain anonymous.
However, as any IT experts would say, you should NEVER pay the ransom. If you follow the demands of the crooks, you only finance and support future cyber attacks. We know it might seem that there is no other possible way to decrypt files encrypted by GandCrab 5 ransomware.
Luckily, our cybersecurity experts have prepared an easy step-by-step guide showing how to restore files encrypted by GandCrab 5 virus. You can find it at the end of this article. Note that the instructions consist of multiple methods, so try them all for the best results.
Ways to restore files encrypted by GandCrab 5
After you remove GandCrab 5 ransomware with a reliable antivirus software, we recommend scanning your system with Reimage. This system optimization tool is designed to help ransomware victims repair the virus damage and improve computer's performance.
Method 1. Use official GandCrab decryptor
Security researchers at Bitdefender released yet another decryption tool that is capable of decrypting all GandCrab variants up to version 5.2. Simply download the application for the official blog here and perform the following:
- Run the executable file.
- Agree to terms and conditions.
- Click on Scan Entire System or select a specific folder you want the tool to decrypt files from.
Method 2. Restore files using backups
If you have backups stored on an external device, make sure that GandCrab 5 is removed from the computer before plugging it in. Otherwise, the malware will encrypt data on the external device as well.
- Plug in your external flash drive or another device;
- Once it is detected, select all files by pressing Ctrl + A;
- Click Ctrl + C to copy the data and paste it using Ctrl + V.
Method 3. Get Data Recovery Pro software
- Download and install Data Recovery Pro;
- Open the application and select Full Scan;
- Click Start Scan;
- Once it is finished, press the Recover button.
Method 4. Get your files back with Windows Previous Versions feature
Note that this method only works if you have enabled System Restore function before GandCrab 5 ransomware attack.
- Find an encrypted file and right-click on it;
- Select Properties and then go to the Previous Versions tab;
- Find the version before the attack and click Restore.
Method 5. Retrieve data with ShadowExplorer
Before you start, check if GandCrab 5 hasn't deleted Shadow Volume Copies from your system.
- Download and install ShadowExplorer;
- Open the application and find your drive;
- Select it and choose a location to export restored files;
- Click Export.
Recover files and other system components automatically
To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.
Prevent websites, ISP, and other parties from tracking you
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.
Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.
Recover your lost files quickly
Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.
Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.
Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.