How to remove GandCrab ransomware and decrypt .gdcb files (Updated)

The latest version of the virus is v5.0.9.

That page is dedicated to virus called GandCrab that gets onto customers' computers in different countries of the world, and cyphers their data. In this page we've gathered important info about what is GandCrab, and how to uninstall GandCrab from the PC. Except that, we will tell you how to get back the corrupted data, if possible.

GandCrab ransomware had infected hundreds of computers in various countries via basic manner: zero-day vulnerabilities and fraud messages with dangerous attachments. Sometimes fraudsters use trojans to infect the system, but major program developers quickly fix them. At the moment, any ransomware virus knows how to cypher video, audio, text and image files in all known formats. Virus corrupts all folders, but the ones that might be important business correspondence go first. Programs on computer will be safe since criminals are interested only in information. The operation is executed through world-known encryption algorithms, and its intricacy is so above the average level that decryption of files without a key is impossible. This is the foundation for impressive success of this type of viruses in last years: user, even having a fairly good knowledge of the computer, won't ever be able to restore the files, and will have no way out except paying the ransom. The single manner to restore the information is to crack the scammer's site or system and get the master key. Also there's a way to withdraw encryption keys due to defects in the code of the virus itself. The corrupted files acquire .gbcb extension, and the amount of ransom is 2500$.

GandCrab ransomware virus

For all types of unwanted software, one thing is true: it is much simpler to prevent it than to get rid of its effects. For encrypting software it's most relevant, since, in contradistinction to most viruses, after uninstalling ransomware from the PC, the fruits of its actions will stay. To guard your computer, you should understand these few elementary regulations:

  • Be careful with the e-mails which contain data. If you don't know the person who send an e-mail and it tells about earning any prize, a lost package or anything similar, this could be a scam message. The second very popular sort of such messages is a "business messages". It is OK to be interested and open the e-mail even if it is obviously not for you, but remember that one click on the attached file might cost you lots of money, time and headache.
  • Don't neglect the red flags that your computer displays. It requires much of computing power to encrypt the files. In few seconds of infection, the CPU speed decreases, and the encrypting process can be found in Process Manager. You might anticipate this event and unplug the machine before data will be fully damaged. Of course, the certain amount of files will be lost, but you will secure the rest of them.
  • Take notice to the pop-ups. If the PC is infected by GandCrab, it will endeavour to eliminate all copies of your files, to decrease the chances of recovery. The deleting of shadow copies needs admin rights and operator's verification. If you'll stop for few seconds before confirming the dialogue box, it can save your data and your time.

We draw your attention to the fact that the elimination of ransomware is only the first and obligatory move for the regular operation of the system. If you delete ransomware, you will not recover the files instantly, it will take additional actions described in the "How to restore encrypted files" paragraph. To remove the ransomware, you have to load the PC in safe mode and run the scanning through antivirus software. Some ransomware can't be deleted even through antivirus-tool, and have lots of efficient mechanisms of security. Qualitative encrypting viruses are able to fully delete encrypted information, or part of it, if somebody tries to uninstall the program. To neutralize this, abide to the advices under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab

Startup

Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

 

Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After uninstalling the malware from the system, you should get back the corrupted data. In fact, this is not about decipherment, because the encrypting methods owned by web-criminals are extremely complex. There are the certain chances, but generally file restoration takes plenty of time and efforts.To restore files with software, try to use Data Recovery Pro by Pareto. It can help you to restore information.

Data Recovery Pro

Why we recommend Data Recovery Pro

Recover Any File Type

Use Across Devices

Navigate Easily

If you choose the independent information restore - read this item, which shows all the very effective methods: the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.