New Version of GandCrab Ransomware Appends 5 Character Extension To Encrypted Files

Recently, a team of cyber criminals introduced a new version of file-encrypting malware named GandCrab v5 Ransomware, which belongs to the GandCrab family. Most system users are familiar with the fact that GandCrab is one of the most infamous and widespread data-locking viruses. Its authors keep it under constant development, adding newly updated features to target several countries. This time the GandCrab ransom virus comes in a more improved, enhanced and vicious form.

Most Notable Thing About GandCrab v5 Ransomware

GandCrab v5 Ransomware was first noticed by security analysts on September 24, 2018. It was reported by the popular malware researcher MarceloRivero, and it shows several features that were not present in the predecessor variants GandCrab, GandCrab 2, GandCrab 3 and GandCrab 4. The most notable thing about this file-encrypting malware is that it doesn't require an Internet connection to compromise a Windows PC.

Get Familiar With Encryption Mechanism of GandCrab v5 Ransomware

The working principle of GandCrab v5 Ransomware is similar to that of its predecessors. It enters the PC without the user's awareness and immediately starts encrypting user files. This newer version uses a sophisticated double encryption scheme: first it uses the Salsa20 cipher and then the RSA-2048 algorithm to lock files so that victims cannot easily decrypt them. It uses the WMIC.exe shadow copy delete command to remove almost all Shadow Copies of files.

Know About The File Extension & Lock Screen of GandCrab v5 Ransomware

Several variants of the GandCrab ransom virus used the .CRAB file extension to lock files and make them inaccessible, but GandCrab v5 Ransomware uses a more personal and unique string made of 5 random characters, like .[5-random-char]. The same random characters are later used in the ransom note's name, [same-5-extension-characters]-DECRYPT.html. Additionally, it changes the victim's desktop background image.
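A defender-side check for the two artifacts described above, the WMIC shadow copy deletion and the five-character extension paired with a same-named -DECRYPT.html note; this is an added example, not code from the original article or from any vendor tool. The function names, sample paths and command lines are constructed, and it assumes the five characters are ASCII letters or digits compared case-insensitively.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the five random characters are ASCII letters or digits.
NOTE_RE = re.compile(r"^([A-Za-z0-9]{5})-DECRYPT\.html$", re.IGNORECASE)
# WMIC invocation that deletes Volume Shadow Copies, as described in the article.
WMIC_RE = re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.IGNORECASE)


def is_shadow_copy_delete(cmdline: str) -> bool:
    """True if a process command line deletes shadow copies through WMIC."""
    return bool(WMIC_RE.search(cmdline))


def find_matches(paths):
    """Return {directory: (token, [encrypted files])} where a ransom note
    <token>-DECRYPT.html sits beside files whose extension is .<token>."""
    by_dir = defaultdict(list)
    for p in map(PureWindowsPath, paths):
        by_dir[str(p.parent)].append(p)
    hits = {}
    for folder, files in by_dir.items():
        tokens = {m.group(1).lower() for f in files if (m := NOTE_RE.match(f.name))}
        for token in tokens:
            locked = sorted(f.name for f in files if f.suffix.lower() == "." + token)
            if locked:  # a note alone is weak evidence; require matching files
                hits[folder] = (token, locked)
    return hits


# Constructed sample listing (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\KQZPA-DECRYPT.html",
    r"C:\Users\alice\Documents\budget.xlsx.kqzpa",
    r"C:\Users\alice\Documents\notes.docx.kqzpa",
    r"C:\Users\alice\Pictures\photo.jpg",
    r"C:\Users\alice\Downloads\ABCDE-DECRYPT.html",  # note without matching files
    r"C:\Users\alice\Downloads\setup.exe",
]

if __name__ == "__main__":
    for folder, (token, locked) in find_matches(SAMPLE_PATHS).items():
        print(f"{folder}: extension .{token}, {len(locked)} file(s) affected")
    print(is_shadow_copy_delete(r"C:\Windows\system32\wbem\wmic.exe shadowcopy delete"))
```

Requiring both the note and at least one matching extension in the same folder keeps ordinary five-character extensions from triggering on their own.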

Ransom Note of GandCrab v5 Ransomware

No Need To Pay Ransom Fee Asked By GandCrab v5 Ransomware

GandCrab v5 Ransomware is capable of targeting almost all file types, including audio or video files, images, documents, PDFs, spreadsheets, databases and many more, and makes them inaccessible. Once the files are inaccessible, it delivers a ransom note and asks victims to pay a ransom fee. Right now GandCrab v5 Ransomware asks for $2400 in Bitcoin/DASH. In the ransom note, the hackers offer a TOR link that provides a very detailed explanation. Since the ransom fee is so high, its developer offers users the chance to recover a few files, just for user satisfaction. Despite all this, security experts strongly advise victims to delete the GandCrab v5 ransom virus instead of paying the ransom fee.
