Decrypt GandCrab Ransomware for free [ Guide ]



Ransomware has become a big issue in recent times. A lot of people reach out to me when their files get locked by some ransomware. But once your system is encrypted by ransomware, you can do very little about it unless a decryptor is already available. GandCrab is one of the most popular ransomware strains, and in this article we will discuss how to decrypt files locked by GandCrab using a decryption tool developed by the Romanian Police, Europol and Bitdefender.

The tool is an update to a first version that Bitdefender released in February. The new GandCrab decrypter is more potent and can recover data for more GandCrab versions: v1 (GDCB extension), v4 (KRAB extension), and v5 (random 10-character extension, also the current/latest GandCrab version).

The free GandCrab decryption tool will decrypt files encrypted by versions 1, 4 and 5 of the ransomware. These versions are recognizable by the extensions they use: GDCB, KRAB, and a series of random characters of various lengths (example: .rnsgl). Instructions on using the decryptor are available later in the article.

Bitdefender was able to create the decrypter after the developer of GandCrab released legitimate and authentic decryption keys for victims located in Syria, out of compassion.


"The most targeted countries based on all versions of GandCrab are: US, UK, China, India, Brazil, and Germany," says Bitdefender.

Decrypting GandCrab v1, v4, and v5

To use the new GandCrab Ransomware decryptor, you need to make sure you have an available copy of the ransom note as it contains a key that will be used to decrypt your files.

Once you confirm that you have an available ransom note on the computer, you should download the decryptor using the following link.


Once downloaded, start the decryptor and accept the license agreement. You will then be shown the main decryptor screen. At this screen, put a checkmark in "Scan entire system", as shown below, and then click on the "Scan" button.


The decryptor will now begin to scan for a decryption key and decrypt any files encrypted by GandCrab that it can find.


When finished, the decryptor will indicate if it had any problems decrypting files. As you can see from the image below, the decryptor stated "Some files could not be decrypted".


To determine what files were not decrypted, you can view the log files located at %Temp%\BDRemovalTool\BDRansomDecryptor\BDRansomDecryptor1600.log. The log file name may be slightly different per computer. This log file will list all files that it could not decrypt.
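
A pre-flight check for the steps above, written for this page as an added example (not Bitdefender's code): it inventories a folder by the extensions the article lists and confirms that a ransom note is present before the decryptor is run. The v5 heuristic, the `KNOWN_GOOD` list, the `MIN_HITS` threshold and the `EXAMPLE-NOTE.txt` placeholder are assumptions; pass the note file name you actually see on the machine.

```python
import os
import re
import tempfile
from collections import Counter

# Extension rules from the article: v1 = .GDCB, v4 = .KRAB, v5 = random letters (e.g. .rnsgl).
FIXED = {"gdcb": "v1", "krab": "v4"}
# Assumptions (not from the article): a v5 extension is 5-10 letters, is appended
# after the file's original extension, and repeats on at least MIN_HITS files.
RANDOM_EXT = re.compile(r"^[a-z]{5,10}$")
KNOWN_GOOD = {"backup", "config", "sqlite", "plist", "class", "patch"}
MIN_HITS = 3

def triage(root, note_names):
    """Return (file count per version, v5 candidate extensions, ransom-note paths)."""
    wanted = {n.lower() for n in note_names}
    fixed, appended, notes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in wanted:
                notes.append(os.path.join(dirpath, name))
                continue
            stem, ext = os.path.splitext(name.lower())
            ext = ext.lstrip(".")
            if ext in FIXED:
                fixed[FIXED[ext]] += 1
            elif RANDOM_EXT.match(ext) and ext not in KNOWN_GOOD and os.path.splitext(stem)[1]:
                appended[ext] += 1          # e.g. report.docx.rnsgl
    candidates = sorted(e for e, n in appended.items() if n >= MIN_HITS)
    versions = dict(fixed)
    if candidates:
        versions["v5?"] = sum(appended[e] for e in candidates)
    return versions, candidates, notes

def demo():
    """Run triage over a constructed directory tree (sample data, not real victim files)."""
    names = ["a.docx.GDCB", "b.xlsx.KRAB", "c.pdf.KRAB", "d.docx.rnsgl",
             "e.jpg.rnsgl", "f.txt.rnsgl", "site.min.config", "notes.txt",
             "EXAMPLE-NOTE.txt"]  # placeholder note name; pass the real one you see
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for i, name in enumerate(names):
            sub = "docs" if i % 2 else ""
            open(os.path.join(root, sub, name), "w").close()
        versions, candidates, notes = triage(root, ["EXAMPLE-NOTE.txt"])
        return versions, candidates, len(notes)

if __name__ == "__main__":
    versions, candidates, note_count = demo()
    print(versions, candidates, "ransom notes found:", note_count)
```

If the note list comes back empty, locate a copy of the ransom note before scanning, since the article states the decryptor takes its key from it. A "v5?" result is only a heuristic match and should be confirmed by eye.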

Decryption Tool for LockCrypt Ransomware released



Popular antivirus company Bitdefender has released a decryption tool that can recover files encrypted by the LockCrypt ransomware. The catch is that it can only decrypt files encrypted by an older version of LockCrypt, the one that locks files with the .1btc extension.

The Bitdefender decryption tool may not be useful for current victims of the LockCrypt ransomware, but users who still have copies of their (.1btc) encrypted files can use it to recover files. Using the tool is pretty simple, as the interface is self-explanatory.

The LockCrypt ransomware is a ransomware strain that infects victims after hackers use brute-force attacks to break into companies' networks via RDP connections, and then manually run the ransomware's binary.


| LockCrypt version | Status |
| --- | --- |
| .BI_D | Not decryptable |
| .1btc | Decryptable using Bitdefender tool |
| .lock | Decryptable (contact Michael Gillespie) |
| .2018 | Decryptable (contact Michael Gillespie) |
| .mich | Decryptable (contact Michael Gillespie) |

The ransomware was first spotted in June 2017, and security researchers tracked its authors to a group that was previously active on the Satan Ransomware-as-a-Service portal.

How to protect yourself from WannaCry Ransomware




Yesterday, a massive ransomware campaign hit the computer systems of hundreds of private companies and public organizations across the globe. It is believed to be the biggest ransomware attack that the cyber community has ever seen. It has already infected over 75,000 PCs in 99 countries, including the United States, Russia, Germany, Turkey, Italy, the Philippines, Vietnam and India, in less than 24 hours.

The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk.

Countries infected with the ransomware


According to a report, the ransomware attack has shut down work at 16 hospitals across the UK after doctors were blocked from accessing patient files. Another report says 85% of computers at the Spanish telecom firm Telefonica have been infected with this malware.

Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs are rendered unusable, and their files remain locked.

"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

Got scared already? Don't want to be a victim of WannaCry Ransomware?



Here are some easy steps to protect your machine and secure your files from falling hostage to online scammers.


1. Patch your operating system


First of all, if you haven't patched your Windows machines and servers against the EternalBlue exploit (MS17-010), do it right now. After the installation, make sure to reboot the system.

In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

2. Beware of emails


As with many other ransomware strains, it can penetrate the system not only through a Windows vulnerability, but also through a "spray-'n'-pray" phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim into clicking on a URL where malware will be ready to crawl into the victim's machine.

3. Backup your files


It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.

4. Get an antivirus


Install an antivirus if you don't have one already. Also make sure that you run an active antivirus security suite on your system, and most importantly, always browse the Internet safely.