Decrypt GandCrab Ransomware for free [ Guide ]



Ransomware have become a big issue in recent times. A lot of people often reach out to me when their files get locked by some ransomware. But once your system is encrypted by ransomeware, you can do very little about it unless its decryptor is available already. Gandcrab is One of the most popular ransomeware and in this article we will discuss how we can decrypt Gandcrab Ransomware using a decryption tool developed by Romanian Police, Europol and Bitdefender.

The tool is an update on a first version that was released in February by Bitdefender. The new GandCrab decrypter is more potent and can recover data for more GandCrab versions --v1 (GDCB extension), v4 (KRAB extension), and v5 (random 10-character extension, also the current/latest GandCrab version), respectively.

The free GandCrab decryption tool will decrypt files encrypted by versions 1, 4 and 5 of the ransomware. These versions are recognizable by the extensions they use: GDCB, KRAB, and a series of random characters of various length (example: .rnsgl). Instructions on using the decryptor are available later in the article.

Bitdefender was able to create the decrypter after the developer of Gandcrab released legitimate and authentic decryption keys for victims located in Syria , out of compassion.


The most targeted countries based on all versions of GandCrab are: US, UK, China, India, Brazil, and Germany," says Bitdefender.

Decrypting GandCrab v1, v4, and v5

To use the new GandCrab Ransomware decryptor, you need to make sure you have an available copy of the ransom note as it contains a key that will be used to decrypt your files.

Once you confirm that you have an available ransom note on the computer, you should download the decryptor using the following link.


Once downloaded, start the decryptor and accept the license agreement. You will then be shown the main decryptor screen. At this screen, put a checkmark in "Scan entire system", as shown below, and then click on the "Scan" button.


The decryptor will now begin to scan for a decryption key and decrypt any files encrypted by GandCrab that it can find.


When finished, the decryptor will indicate if it had any problems decrypting files. As you can see from the image below, the decryptor stated "Some files could not be decrypted".


To determine what files were not decrypted, you can view the log files located at %Temp%\BDRemovalTool\BDRansomDecryptor\BDRansomDecryptor1600.log. The log file name may be slightly different per computer. This log file will list all files that it could not decrypt.
Top post on IndiBlogger, the biggest community of Indian Bloggers