GandCrab4 Ransomware

What is GandCrab4 Ransomware?

GandCrab4 Ransomware is a malicious application that can encrypt files even if there is no Internet connection. However, our researchers at Anti-spyware-101.com also found that the malware does not encipher any data if it finds clues suggesting the victim could be using a Slavic keyboard. Because of this, users from particular countries might be less likely to encounter this threat. If you come across it and do not know what to do, we recommend reading our full report to learn more details about GandCrab4 Ransomware. What’s more, since we advise deleting the malware instead of putting up with any demands from the cybercriminals behind it, you will find instructions explaining how to erase it manually below the article.

Where does GandCrab4 Ransomware come from?

Our researchers say GandCrab4 Ransomware is most likely the newest addition to the GandCrab Ransomware family. This means that, besides working in a similar manner, the malicious application could be spread via the same distribution channels. For instance, it might be distributed through harmful web pages suggesting the user install fictitious updates, game cracks, pirated programs, etc. Consequently, users who are looking for software or updates to download should be extra cautious. It is best to download tools from their official web pages and official distribution websites. Nevertheless, it is vital to remember that even fake or malicious applications can have official web pages, which is why it is essential to first find out about the company that developed the software and learn whether it can be trusted. For extra protection, keep your browser and antimalware tool up to date so they can help you detect potentially dangerous content.

How does GandCrab4 Ransomware work?

GandCrab4 Ransomware does not need to create any additional data before it starts enciphering targeted files. In other words, the malware might begin encrypting your files the moment it is launched. As we said earlier, the threat does not even need an Internet connection. Our specialists say it should be after the user’s photos, pictures, documents, videos, and other data considered to be private. The targeted files should have a second extension at the end of their names, e.g., a file named chapter_one.pdf would turn into chapter_one.pdf.KRAB.

Soon after GandCrab4 Ransomware verifies that the user’s computer does not use a Russian keyboard or keyboards of other Slavic languages and finishes enciphering targeted files, it should create a text document called KRAB-DECRYPT.txt. Our researchers say the cybercriminals might generate a lot of copies of it and drop them in all directories where encrypted files can be found. If you open this document, you should see instructions on how to obtain further instructions explaining how to pay a ransom. At the moment of writing, it is $1200, and the hackers threaten to raise it up to $1600 if the user does not pay in time.

Needless to say, the sum is rather huge, and with no reassurances that the user will get his files decrypted, we believe paying it would be too risky. Thus, our advice is not to allow the cybercriminals behind the malicious application to scare you and to eliminate the malware at once. If you have backup copies, you could use them to replace encrypted files as soon as the system is clean again.

How to erase GandCrab4 Ransomware?

There are a couple of options for those who do not want to put up with any demands. Less experienced users could download a legitimate antimalware tool of their choice and perform a full system scan to locate and get rid of GandCrab4 Ransomware with automatic features. As for users who feel up to the task, we offer the removal steps below this paragraph.

Remove GandCrab4 Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Search for the threat’s process.
  4. Select this process and click End Task.
  5. Leave Task Manager.
  6. Tap Windows key+E.
  7. Navigate to the following paths:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Find the file that infected the device.
  9. Right-click the malicious file and press Delete.
  10. Locate KRAB-DECRYPT.txt and all of its copies, then right-click each one and press Delete.
  11. Close File Explorer.
  12. Empty your Recycle bin.
  13. Restart the system.
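
Because the note is dropped in every directory that holds encrypted files, step 10 can involve many copies. The script below is an added example, not part of the original article or any vendor tool: it inventories files carrying the .KRAB extension and every KRAB-DECRYPT.txt copy under a folder, and deletes only the notes when asked. The function names, the `--delete` switch and the case-insensitive matching are assumptions of this example.

```python
import os
import sys
from collections import Counter
from pathlib import Path

NOTE_NAME = "KRAB-DECRYPT.txt"   # ransom note name given in the article
LOCKED_EXT = ".KRAB"             # second extension appended to encrypted files


def scan(root):
    """Walk root and return (note_paths, locked_paths)."""
    notes, locked = [], []
    # onerror skips unreadable directories instead of aborting the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME.lower():      # assumption: ignore case
                notes.append(path)
            elif name.lower().endswith(LOCKED_EXT.lower()):
                locked.append(path)
    return notes, locked


def summarize(locked):
    """Count encrypted files per directory to show where backups are needed."""
    return Counter(str(p.parent) for p in locked)


def original_name(path):
    """File name before the extra extension was appended."""
    return path.name[: -len(LOCKED_EXT)]


def remove_notes(notes, dry_run=True):
    """Delete ransom note copies only; encrypted files are never touched."""
    for note in notes:
        if not dry_run:
            note.unlink()
    return list(notes)           # the notes that were (or would be) deleted


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--delete"]
    root = args[0] if args else str(Path.home())
    notes, locked = scan(root)
    for folder, count in summarize(locked).most_common():
        print(f"{count:6d} encrypted file(s) in {folder}")
    acted = remove_notes(notes, dry_run="--delete" not in sys.argv)
    print(f"{len(acted)} note copies found (deleted only with --delete)")
```

Run it without `--delete` first to review the inventory; the per-directory counts show which folders need restoring from backup once the system is clean.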