GandCrab v5 is the newest variant of the infamous GandCrab virus that started to terrorize innocent users in English Speaking countries since January 2018. The malware was spotted in September 2018 by security experts. More info here: [ Ссылка ]
Unlike previous versions, GandCrab v5 uses a random combination of letters as a file extension. For example, a file picture.jpg will be converted into picture.jpg.ghhyt after the encryption.
The malware changed its ciphering techniques as well and uses a combination of Salsa20 and RSA-2048 instead of the most standard RSA + AES mix. Nevertheless, the result remains the same - victims can no longer access personal data like videos, photos, image files, databases, MS office documents and similar.
Ransom note dropped (named by the following combination: [randomlly_generated_file_extension]-DECRYPT.html) by the C2 server also changed, and users are introduced to instructions on how to install TOR and which .onion site to visit in order to receive full instructions. As soon as victims reach the specified address, they can see details like ransom size, payment type (crooks accept Dash or Bitcoin cryptocurrency) and the time left before the payment doubles.
As usual, users are not recommended contacting cybercrooks, as it can result in money loss. Instead, remove GandCrab v5 ransomware using reputable security software and recover your files using backups or third-party software.
Microsoft Resource Kit download: [ Ссылка ]
TEXT TO COPY FOR RANSOMWARE REMOVAL:
subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=Administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=Administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=Administrators
subinacl /subdirectories %SystemDrive% /setowner=Administrators
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
Download Data Recovery Pro [ Ссылка ]
