- Slow Computer
- System crashes
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Gandcrab2 Ransomware is most likely a new version of a threat called GandCrab Ransomware. Our researchers say this malicious program should encrypt user’s files and then mark them with .crab extension. Unfortunately, for the decryption of such data the malware’s developers want to get 800 US dollars from each victim. No doubt, it is not exactly a small sum, and we do not think a lot of users would want to risk losing it in vain. As you see even if the hackers who created Gandcrab2 Ransomware guarantee they will deliver the promised decryption tool, in reality, there is not knowing whether they will be willing or able to do so. Therefore, instead of risking your savings we recommend erasing this malicious program. Its removal will not decrypt any files, but it will clean up your system, and once it is secure you could use backup copies if you have them. To learn how to eliminate this threat, you should not only read the rest of the text but also see the instructions placed below it.
Soon after, Gandcrab2 Ransomware enters the system it might create a few new files or copies of its launcher (the suspicious file you opened before the system got infected). Then the malicious program should start the encryption process during which it might lock various documents, photographs, pictures, archives, and other private files. All of them should be marked with .crab extension, for example, roses.jpg.crab, speech.docx.crab, family_trip_photos.zip.crab, etc. Needless to say, files marked with this extension become unusable as the computer cannot recognize them. Removing the extension will not change anything, except if volunteer IT specialists manage to create a free decryption tool, it may not work on files that do not have the malware’s extension. Thus, if you do not have any backup copies and the threat damaged a lot of valuable data you would like to get back, it might be best to leave locked data be and see if someone from volunteer IT specialists will manage to create a decryption tool you could use.
Users who have no other way to recover encrypted data could also consider paying the ransom. Right after Gandcrab2 Ransomware locks all targeted files, it should drop a ransom note claiming the user can get his files back if he follows the provided instructions. Completing these steps should get the victim to the malware’s web page where the user can find learn what to do to pay the ransom. The asked price at the moment of writing seems to be 800 US dollars. It is not a sum one could easily throw out, and if you are among the people who do not want to waste their savings, we would recommend not to put up with any demands. There are always cases when users who pay the ransom and follow all instructions still end up being tricked as you can never know if the hackers are telling you the truth. Consequently, instead of risking your savings, we advise erasing it manually by following the instructions located a bit below this text or with a reliable antimalware tool of your choice.
Eliminate Gandcrab2 Ransomware