Gandcrab Ransomware is a widespread ransomware, nowadays it evolves with newly updated features under constant development to target various countries.
GandCrab v5 has been released with a few noticeable changes. The most noticeable changes are that the ransomware now appends a random 5 character extension on the encrypted files and creates HTML ransom note.
Security researcher nao_sec has discovered that the GandCrab v5 ransomware is currently being distributed via malvertising that redirects to sites hosting the Fallout exploit kit. As the exploit kit utilizes vulnerabilities in the visitor's software to install the software, a victim will become infected without knowing about it until they find the encrypted files and ransom note.
Like previous versions, there is no way to decrypt victims of GandCrab v5 for free. For those who wish to discuss this ransom or receive support, you can use our dedicated GandCrab Help & Support topic.
GANDCRAB V5.0 is a severe cryptovirus that belongs to the notorious ransomware family GandCrab. In case of infection with this iteration of the threat, valuable files stored on the computer will be encrypted and marked with an extension of five ransom letters. With the help of a few ransom messages ransomware creators will attempt to blackmail you into paying them a ransom of $2, 400 in DASH or Bitcoin. Your desktop wallpaper will be also changed with instructions provided by hackers.
“When I tested the ransomware it appended the .lntps extension to the encrypted file’s name, for example, test.doc has been encrypted and renamed to test.doc.lntps,” wrote Lawrence Abrams.
Victims could potentially restore encrypted files with the help of alternative data recovery tools. Victims can use Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice. This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.