Home / Spyware Help / GandCrab 5 Ransomware Removal Guide

GandCrab 5 Ransomware Removal Guide

by 0 Comments

Do you know what GandCrab 5 Ransomware is?

GandCrab 5 Ransomware is the fifth and the newest GandCrab Ransomware’s version. We cannot say a lot has changed compared to previous versions of it, but we will explain its effective manner in details further in the article. Just like the earlier variants, the threat is mainly dangerous because it can encrypt user’s files and make them useless. Unfortunately, after the process the affected data can be deciphered only with particular decryption tools and as usual hackers behind the malicious application are asking for payment. Not just the sum is huge, but despite what the cybercriminals might say there are no guarantees you will get the promised tools even if you do everything they may ask of you. In case you do not want to risk end up being tricked by the GandCrab 5 Ransomware’s developers we advise you to ignore the displayed ransom note and get rid of the threat. The task should not be particularly difficult, but you should check the removal guide available below before deciding whether you should remove the malware manually or with automatic features.

Our computer security specialists report the malicious application could be spread via a few different channels. For example, the hackers could bundle GandCrab 5 Ransomware with game cracks, various software installers, and other data found on untrustworthy file-sharing web pages. Also, the malware could be dropped on the targeted computers by exploiting weak passwords or other vulnerabilities. Therefore, to protect the system against such threats, it is crucial not only to avoid questionable content from the Internet but also make sure the computer and the programs you use do not have any vulnerabilities that could be exploited. An additional way to strengthen the system is to keep a reputable antimalware tool installed as it could warn you about potentially dangerous content or even prevent it from harming the computer.

GandCrab 5 Ransomware does not need to settle in to start the encryption process, which is why it might begin immediately after the system gets infected. It is not difficult to separate enciphered data as it should have an additional extension. Our computer security specialists say that unlike earlier versions this variant might mark encrypted files with extensions from 5 random characters. Also, instead of creating a .html file, the malware might place a .txt file with a ransom note. Inside of it, users should find instructions or links where to find further instructions on how to pay a ransom and receive decryption tools. The sample we tested demanded to pay between 800 and 1600 US dollars in cryptocurrency. No doubt, paying such a sum when you do not know if you will even receive the promised tools would be a considerable risk. If you are not prepared to take it, we advise deleting GandCrab 5 Ransomware with no hesitation.GandCrab 5 Ransomware Removal GuideGandCrab 5 Ransomware screenshot
Scroll down for full removal instructions

The removal guide available below the text will show how to eliminate GandCrab 5 Ransomware manually, so if you think you can handle the task feel free to follow the provided steps. On the other hand, if it looks too complicated, you could get a reputable antimalware tool that would do all the jog for you.

Erase GandCrab 5 Ransomware

  1. Click Ctrl+Alt+Delete simultaneously.
  2. Pick Task Manager.
  3. Take a look at the Processes tab.
  4. Locate a process associated with this malicious program.
  5. Select it and tap the End Task button.
  6. Click Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%Desktop
    %USERPROFILE%Downloads
  8. Find a file opened when the system got infected, right-click the malicious file and select Delete.
  9. Locate the malware’s ransom note (e.g., [*unique extension]-DECRYPT.txt), right-click it too and select Delete.
  10. Leave File Explorer.
  11. Empty Recycle bin.
  12. Restart the computer.

In non-techie terms:

GandCrab 5 Ransomware is a malicious file-encrypting threat, so if you come across it, you may lose all of your personal files located on the infected computer. The malware was programmed to damage user’s data to convince him to pay a ransom. The instructions on how to do so and reasons why the victim should pay the ransom should be displayed on its ransom note. The bad news is, the same as older GandCrab Ransomware’s versions; the infection's note asks to pay a huge sum, which is why we recommend considering the suggestion extremely carefully. Provided, you cannot risk throwing away so much money you should not put up with any demands. The encrypted files can be restored from backup copies if there are any, just before attempting to do so it would be safer to get rid of the malicious application. Users who have experience in deletion similar threats could follow the removal guide available below. The other option would be to use a reliable antimalware tool of your choice.