Remove Gandcrab v5.0.9 Ransomware (+File Recovery)

How to Remove Gandcrab v5.0.9 Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

—= GANDCRAB V5.0.9 =—

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .SPSJHW

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:

—————————————————————————————–

| 0. Download Tor browser – https://www.torproject.org/

| 1. Install Tor Browser
| 2. Open Tor Browser
| 3. Open link in TOR browser http://gandcrabmfe6mnef.onion/371525fbc2a9ddd2
| 4. Follow the instructions on this page

—————————————————————————————–

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

—BEGIN GANDCRAB KEY—
IAQAADcGuK20868jo rVSSQNHeCNCzn LVthNchP1cchrZ+ZK64yengprthG 1oan 1 BmSjZWIVyseGGDBKUiOnX4NfUDgoNh rthhDaVWAetprp+ystBhHoerAGVbtaprwIXUeKItyFQJUkFlmE+J9/91W3ngfXUDpB13408PijhAwijqUnWNZBMXD4TQrv… [REDACTED] —END GANDCRAB KEY—

—BEGIN PC DATA—
wfKD6iudumBkmpL8IRr4U7WxEFa3OW3tyzxyOuL12FYqvNmWPB5KYaxd5ZYqTpNRu3YM7nNWsbfaTHGHjR4qBMvz39M074b6dEHXDG/iHZJy8+LFIv/dmMngioqtOiJtTit2DjRIuBtNYA==
—END PC DATA—


Gandcrab v5.0.9 is the newest variant of the infamous Gandcrab Ransomware. This parasite sneaks into your system and wreaks utter havoc. The virus follows programming to lock your files and to blackmail you. The ransomware is notorious for its stealth. In complete silence, Gandcrab v5.0.9 slithers into your OS and corrupts everything. It alters settings, modifies the Registry, drops files, and starts malicious processes. The parasite then scans your system for user-generated files. It targets your pictures, documents, videos, databases, and archives. It encrypts these files with a strong combination of encryption algorithms. You can distinguish the corrupted files by the .SPSJHW extension. Thus, if you have a file named “example.txt,” the virus will rename it to “example.txt.SPSJHW.” You can still see the icons of your files, but you can neither open nor edit them. The virus makes your device useless. This parasite gets your files under lock and key and blackmails you for an astonishing sum. It demands between $1000 and $2400 USD paid in either Bitcoin or DASH. Gandcrab v5.0.9 is a nasty virus. It wreaks utter havoc. Currently, there is no third-party decryption tool for this ransomware’s lock. You are advised not to contact the threat actors, though. These criminals are notorious for double-crossing their victims. Consider discarding your data. If you have file backups, you can use them to restore your files. Of course, before you attempt any file-recovery operations, make sure that the ransomware is completely removed!

How did I get infected?

Gandcrab v5.0.9 does not target individual users. No, it has other plans. The virus relies on mass-distribution strategies to reach a broad spectrum of potential victims. The key word here is “potential.” The virus infects your device only if you let your guard down. Torrents, spam emails, fake updates, corrupted links; there are myriad ways for Gandcrab v5.0.9 to reach your computer. Do not make its job easier. No anti-virus app can protect you if you act recklessly. The key to a secure and virus-free device is caution. Always take the time to do your due diligence. Enforce a strong security policy. Don’t visit shady websites. Download software and updates from reputable sources only. And be very careful with your inbox. The good old spam emails are still the number one cause of virus infections. Treat all unexpected messages as potential threats. Verify the senders before you open the messages. If you receive an unexpected email, from your bank, for example, go to their official website. Compare the email addresses listed there to the questionable one. If they don’t match, delete the pretender immediately. Be vigilant and doubting. Even a little extra attention goes a long, long way!

Why is Gandcrab v5.0.9 dangerous?

Gandcrab v5.0.9 Ransomware is a complete and utter menace. It slithers into your system and wrecks everything. The virus makes your device unusable. It corrupts your files and prevents you from accumulating new ones. Everything you download or create gets locked. Yes, you can still browse the Web, but such actions would be hazardous. The ransomware is very likely to spy on you. This parasite has many characteristics of a Trojan horse. It monitors your system. You wouldn’t want the hackers to steal your usernames, passwords, and credit card details, would you? The nasty virus wrecks your system. It holds your files hostage and demands an astonishing ransom. Do not swing into action! Do not pay the ransom! You are dealing with criminals. You cannot expect them to keep their word. Practice shows that the hackers tend to ignore the victims once they receive the ransom. There are also cases where the victims received a decryption tool, but it worked only partially. And, of course, let’s not forget that the decryption process removes the lock, but it doesn’t delete the virus. What will you do if you restore your files only to have them re-encrypted hours later? How many times are you willing to pay for your own data? Do not play games with criminals. You cannot win. Do what’s best for you and your system’s well-being: remove the nasty Gandcrab v5.0.9 ransomware the first chance you get. The sooner this menace is gone, the better!

Gandcrab v5.0.9 Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Gandcrab v5.0.9 Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Keep in mind that its file name is usually randomly generated.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with Gandcrab v5.0.9 encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process may be hidden and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Gandcrab v5.0.9 encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the entry with the display name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Please keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run a professional scanner to identify malicious files.
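The checks in STEP 1 and STEP 3 can be done in one read-only pass. The PowerShell below is an added example, not part of the original guide: it lists every value in the three Run keys above, resolves the executable each one launches, and shows whether that file is currently running, signed, or sitting in a user-writable folder. Only %appdata% comes from this guide; the other folders and the "Review" rule are assumptions made for illustration.

```powershell
# Added example: read-only triage for STEP 1 and STEP 3. Nothing is killed or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed heuristic: autostart targets in user-writable folders deserve a closer look.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Map of executable path -> PIDs of the processes currently running from it (STEP 1).
$running = @{}
Get-CimInstance -ClassName Win32_Process | Where-Object { $_.ExecutablePath } | ForEach-Object {
    $running[$_.ExecutablePath.ToLowerInvariant()] += @($_.ProcessId)
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # Wow6432Node exists only on x64
    $reg = Get-Item -LiteralPath $key
    foreach ($name in $reg.GetValueNames()) {
        $command = [string]$reg.GetValue($name)            # REG_EXPAND_SZ is expanded here
        # Pull the executable out of the command line: quoted path first, then "up to .exe".
        if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else                                        { $exe = ($command.Trim() -split '\s+')[0] }
        if (-not $exe) { continue }

        $onDisk = Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue
        $sig    = if ($onDisk) { [string](Get-AuthenticodeSignature -LiteralPath $exe).Status }
                  else         { 'FileMissing' }
        $inUser = [bool]($userDirs | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Executable = $exe
            RunningPid = $running[$exe.ToLowerInvariant()] -join ','
            Signature  = $sig
            Review     = $inUser -or ($sig -ne 'Valid')   # flag for manual review, not a verdict
        }
    }
}
$findings | Sort-Object Review -Descending | Format-List
```

Entries with `Review = True` are candidates to compare against the process name you wrote down in STEP 1; legitimate software can also be flagged, so confirm with a scanner before deleting anything.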

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually, when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
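
Before choosing between the three methods, it helps to know how much was encrypted and whether any shadow copies survived. The PowerShell below is an added example, not part of the original guide: it counts files carrying the .SPSJHW extension from the ransom note and lists existing shadow copies with their creation dates. The starting folder and the use of the earliest file write time as an estimate of when encryption began are assumptions.

```powershell
# Added example: scope the damage before choosing a recovery method. Read-only.
$root      = $env:USERPROFILE   # assumption: start with the user profile; widen as needed
$extension = '.SPSJHW'          # extension named in the ransom note quoted on this page

$encrypted = Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq $extension }

"Encrypted files under ${root}: $(@($encrypted).Count)"

# Folders with the most encrypted files: these are the first to restore from backup (Method 1).
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name | Format-Table -AutoSize

# Assumption: the earliest LastWriteTime among encrypted files approximates
# when encryption began, so a usable backup or snapshot must be older than this.
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
if ($firstHit) { "Earliest encrypted file written: $firstHit" }

# Method 3 is only possible if shadow copies still exist (run from an elevated prompt).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    'No shadow copies found (or prompt not elevated): Method 3 is not available.'
} else {
    $shadows | Sort-Object InstallDate |
        Select-Object ID, VolumeName, InstallDate,
            @{ n = 'PredatesEncryption'; e = { $firstHit -and $_.InstallDate -lt $firstHit } } |
        Format-Table -AutoSize
}
```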