Infected with GandCrab v5.1 Ransomware? Need to decrypt your files?
What is GandCrab v5.1 Ransomware
GandCrab v5.1 is the latest version of a horrible virus Gandcrab. Infiltration by this virus might be devastating to all data on your PC. As the previous versions of GandCrab: Gandcrab v5.0.4, GANDCRAB V5.0, GANDCRAB 4, GANDCRAB V3, Gandcrab 5-1 usually encrypt all users files, creates a ransom note, where users will offered decryption for money (more than $500). Our recommendation is to avoid to pay, because real decryption is not guaranteed, and all virus developers have a questionable reputation. We recommend trying to remove this virus and try to decrypt GANDCRAB v5.1 files
--= GANDCRAB V5.1 =---
***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****
All your files, documents, photos, databases and other important files are encrypted and have the extension: .HYBOKLEM
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/da9ad04e1e857d00
| 4. Follow the instructions on this page
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---
---BEGIN PC DATA---
---END PC DATA---
Note: we recommend to not accept scammers offers because they demand $2000-3000 in Dash for the decryption key. They can trick you easily, and try to encrypt your files again. As in previous versions, scammers require you to download a special browser and click on the link provided for later payment of the ransom, so we strongly advise you not to pay anything to the attacker. Better to carefully read our recommendations, which we have indicated below.
How GandCrab 5.1 infected your PC
Developers change the name of the virus file extension and more, however, the path of penetration of the computer remains unchanged. As a rule, this comes in the form of an attachment to a spam mailing list or as a false update for a program. The main reason for such penetrations is that users very rarely resort to using antiviruses rather than paid versions. Try to use proven antivirus software to prevent the attack of crypto viruses, in particular, GandCrab v5.1 In case it has already encrypted your data, then we strongly recommend using our guides to remove this Gandcrab virus and decrypt files encrypted by GandCrab v5.1
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the GandCrab v5.1 virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of GandCrab v5.1:
Related connections or other entries:
How to decrypt files infected by GandCrab v5.1?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of GandCrab v5.1 remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Written by Tim Kas