Gandcrab V4 belongs to the GandCrab Ransomware family or to be more precise the malicious program is its latest addition. Our specialists say it has changed quite a lot from its early versions and became more dangerous as well. It appears to be the malware can encrypt lots of various files, and it can complete this process even if there is no Internet connection. Victims of the threat can easily separate damaged data from by the additional .KRAB extension that should be added to each affected file. Also, the threat’s victims should receive a ransom note explaining how to pay a ransom and decrypt locked data. The problem is, the payment the hackers behind Gandcrab V4 want to get is a large sum, and since there are no reassurances these people will hold on to their word, we believe complying with their demands could be hazardous. Users who do not want to take any chances are advised to remove the infection at once, and if you decide to do so, you could use the deletion instructions located below.
It looks like the most likely way to receive a threat such as Gandcrab V4 is visiting potentially malicious web pages or downloaded unreliable installers. Therefore, if you want to make sure this infection will not enter your system as well, you should stay away from untrustworthy web pages and download software only from legitimate distributors. Besides, our specialists advise strengthening the computer’s security. For example, you could update the software that might be out of date, install a reliable security tool, perform regular check-ups, etc. Another thing we should mention is the malware should not damage computers that have a Russian keyboard. The malicious program’s developers added a function for checking whether the device uses the mentioned keyboard layout and in case, it does the encryption process does not begin. In other words, the hackers do not target people who use Russian and few other Slavic languages too.
After confirming the computer does not have a Russian language layout the malware should begin encrypting various user’s files and marking them with the earlier mentioned .KRAB extension. What is new in Gandcrab V4 is the threat uses a different cryptosystem called Salsa20. Plus, as said earlier it can lock files even when there is no Internet connection, which means interrupting the process could become more difficult. Of course, like many other ransomware applications, it should work silently in the background, making it nearly impossible for less experienced users to notice anything. Afterward, the malware should drop a text document with a ransom note. It instructs the user to go to a particular web page where further instructions will tell how to pay the ransom and get Gandcrab V4’s encrypted files decrypted. The price might be between 1200 and 1600 US dollars. We have no doubt many users may find the price too huge. What is necessary to realize, no matter what the note says, in reality, anything could go wrong, and the user might be left with an emptier wallet and still no files.
Under such circumstances, our specialists advise not to put up with any demands if you do not want to take any chances. Instead, we recommend removing the threat from the system. The moment it is gone it should be safe to switch encrypted files with copies from backup, provided you have one. Those who would like to try to erase Gandcrab V4 manually could use the steps located at the end of this text. On the other hand, if it does not look like you can handle it, you should get a reliable security tool and let it delete the infection for you.