Ransomware have become a big issue in recent times. A lot of people often reach out to me when their files get locked by some ransomware. But once your system is encrypted by ransomeware, you can do very little about it unless its decryptor is available already. Gandcrab is One of the most popular ransomeware and in this article we will discuss how we can decrypt Gandcrab Ransomware using a decryption tool developed by Romanian Police, Europol and Bitdefender.
The tool is an update on a first version that was released in February by Bitdefender. The new GandCrab decrypter is more potent and can recover data for more GandCrab versions –v1 (GDCB extension), v4 (KRAB extension), and v5 (random 10-character extension, also the current/latest GandCrab version), respectively.
The free GandCrab decryption tool will decrypt files encrypted by versions 1, 4 and 5 of the ransomware. These versions are recognizable by the extensions they use: GDCB, KRAB, and a series of random characters of various length (example: .rnsgl). Instructions on using the decryptor are available later in the article.
Bitdefender was able to create the decrypter after the developer of Gandcrab released legitimate and authentic decryption keys for victims located in Syria , out of compassion.
Decrypting GandCrab v1, v4, and v5
When finished, the decryptor will indicate if it had any problems decrypting files. As you can see from the image below, the decryptor stated “Some files could not be decrypted”.
To determine what files were not decrypted, you can view the log files located at %Temp%BDRemovalToolBDRansomDecryptorBDRansomDecryptor1600.log. The log file name may be slightly different per computer. This log file will list all files that it could not decrypt.