Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

GandCrab4 Ransomware

GandCrab4 Ransomware is no doubt a new version of GandCrab Ransomware. It behaves largely the same, as the threat’s primary task is still to encrypt the victim’s files and show a message asking for a ransom. However, our researchers noticed some changes in this version; for example, the malware seems to use a different encryption algorithm than the threats created before it. For more information on the malicious application’s behavior, read the rest of this article. If you decide GandCrab4 Ransomware should be removed from the system, you can use the instructions at the end of the text. The provided steps explain how to get rid of the infection manually, although if the task appears too difficult, it might be best to employ a reliable antimalware tool instead.

To start with, our researchers reported that the malicious application is distributed with the same methods the hackers used for GandCrab Ransomware. To be more precise, it looks like GandCrab4 Ransomware is spread through compromised web pages that pretend to offer cracked versions of various applications or games. Therefore, if your goal is to avoid such infections, it would be wise to stay away from pirated software and the websites offering it. Another popular way to spread similar malicious applications is to send victims infected email attachments, which is why it is highly advisable to stay away from files that come from unknown sources or look suspicious in any way. In addition, users who want to keep the system protected at all times could acquire a reliable antimalware tool that can identify threats before they have the chance to do any harm and warn the user.

One of the most interesting things about GandCrab4 Ransomware is that its creators programmed the malware not to attack users who speak Russian. In fact, the threat is supposed to do nothing if it detects not only Russian, but also Ukrainian, Belarusian, Armenian, and other Slavic languages. The usual guess would be that the malicious application’s developers do not want to infect users who live in the same country or speak the same language; in this case, the hackers seem to be watching out for those using languages similar to their native tongue. Unfortunately, if you do not use a keyboard with one of the Slavic languages listed by the malware, your personal files should be encrypted with an algorithm called Salsa20. Moreover, the ruined files are supposed to have a second extension and might look similar to picture.jpg.KRAB, text.docx.KRAB, archive.rar.KRAB, and so on. Another new detail we noticed about GandCrab4 Ransomware is that it does not need to connect to any servers before starting the encryption process, which means it should lock files even if there is no Internet connection.

If the malware successfully settles in and locks the user’s files, its last task should be placing ransom notes in all the folders containing encrypted data. According to the ransom note, the user should install the Tor browser and follow the provided link. Then, the user is supposed to pay around 1200 US dollars in Bitcoin or DASH cryptocurrency. Apparently, it is even possible to get one file decrypted free of charge. Of course, it should be some small and unimportant file. At this point, we think it is crucial to warn users: even if it looks like the hackers are willing to keep their promises, there are no guarantees that they will do so and that you will not lose your savings in vain. Thus, for users who do not wish to take any chances, we would advise deleting GandCrab4 Ransomware instead.

To eliminate it manually, users should take a look at the instructions located at the end of this text. They will guide you through the removal process step by step. On the other hand, if you do not think you are experienced enough and might not manage on your own, you could install a reliable antimalware tool and let it erase the malicious application for you. Users who have more questions about GandCrab4 Ransomware can also leave us comments below the article.

Eliminate GandCrab4 Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Check if you can locate the malicious file downloaded before the computer got infected.
  9. Right-click the suspicious file and press Delete.
  10. Search for files named KRAB-DECRYPT.txt.
  11. Right-click these files and press Delete.
  12. Close File Explorer.
  13. Empty the Recycle Bin.
  14. Reboot the system.
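
Steps 7 to 11 can be preceded by a read-only inventory, shown here as an added example that is not part of the original article. It walks the three locations from step 7, lists KRAB-DECRYPT.txt notes and .KRAB files, and flags executables written no later than the first ransom note as candidates for review; the function names, the executable extension list and the timestamp heuristic are assumptions.

```python
import os
from pathlib import Path

NOTE_NAME = "krab-decrypt.txt"   # ransom note name from step 10 (compared lower-case)
LOCKED_SUFFIX = ".krab"          # second extension described in the article
# Assumption: file types worth reviewing as a possible dropper (not from the article).
EXEC_SUFFIXES = {".exe", ".dll", ".js", ".vbs", ".scr", ".bat", ".cmd"}

def default_roots():
    """The three locations from step 7, expanded from the environment."""
    profile = os.environ.get("USERPROFILE", str(Path.home()))
    temp = os.environ.get("TEMP", os.path.join(profile, "AppData", "Local", "Temp"))
    return [Path(temp), Path(profile, "Desktop"), Path(profile, "Downloads")]

def triage(roots):
    """Walk the roots read-only and classify files; nothing is deleted."""
    notes, locked, execs = [], [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath, name)
                lower = name.lower()
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # file vanished or is unreadable
                if lower == NOTE_NAME:
                    notes.append((mtime, path))
                elif lower.endswith(LOCKED_SUFFIX):
                    # picture.jpg.KRAB -> original name picture.jpg
                    locked.append((path, name[: -len(LOCKED_SUFFIX)]))
                elif path.suffix.lower() in EXEC_SUFFIXES:
                    execs.append((mtime, path))
    # Heuristic (assumption): the dropper was written before the first note appeared.
    first_note = min((m for m, _ in notes), default=None)
    suspects = sorted(
        (e for e in execs if first_note is not None and e[0] <= first_note),
        reverse=True,
    )
    return {
        "notes": [p for _, p in sorted(notes)],
        "locked": locked,
        "suspects": [p for _, p in suspects],  # closest to infection time first
        "first_note_time": first_note,
    }

if __name__ == "__main__":
    report = triage(default_roots())
    print(len(report["locked"]), "locked files,", len(report["notes"]), "ransom notes")
    for p in report["suspects"][:10]:
        print("review:", p)
```

File timestamps can be altered, so the suspect list is a starting point for review rather than proof of which file caused the infection.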