Gandcrab v5.0.4: Another New Destructive Ransowmare Version Released Under Gandcrab Series

Gandcrab v5.0.4 is discovered by security experts recently as a new variant of high potential ransomware under Gandcrab series. Its prior versions has reportedly made a large number of disruptions over targeted computers globally and made really a good profit for its creators. It also seems such hackers are in no mood to spare users and keep improving their ransomware source codes day by day and spreading new variants after a few days interval. So far, the newest version detected under name of GandCrab is Gandcrab v5.0.4 that is designed and developed only to infiltrate computers and encrypt stored files on PC. Alike all its prior version, Gandcrab v5.0.4 also encrypts the files with highly advanced cryptgraphic ciphers and add a ransom appendix to affected file. The appended extension added in case of Gandcrab v5.0.4 affected files is “.rotxkry”. Means, a file named random.jpg will be converted into random.jpg.rotxkry. Means, the files will merely turn useless in no time and throw a ransom note just to demand ransom money.

Under this newly released Gandcrab version 5.0.4, the developers are found using picture of Valery Sinyaev, who is a most renowned Finance and Operating professional. We don’t know why developers of Gandcrab v5.0.4 is using his picture as this specific person has nothing to do with identified ransomware variant.

Since most of the ransomware probably alters desktop wallpapers to throw scary messages for users, Gandcrab v5.0.4 also do such alterations and puts a short note on desktop screen that user’s data is encrypted. However, the note also describes the users to read detailed information about the infection through ransom note deployed by malware in text format. The same ransom note even appears on screen when an affected file is launched. If you read the information mentioned through note, it reads that data is encrypted and can only be recovered with a valid and unique decryption key, but is stored on hacker’s owned remote servers. For victims, it’s very unfortunate to say the information is real and all your affected file hostage now belongs to hackers. To access them, you might require the passcode for which you would have to pay a ransom amount to criminals, unless you manage somehow to restore your affected data through other methods. Since there’s no cracked information about Gandcrab v5.0.4’s used cryptographic enciphers, it’s really not possible to share any free data recovery tool to disinfect files and restore your host over them.

Talking about demanded ransom money by hackers who created Gandcrab v5.0.4, they are asking around $800, but through digital currency wallet like Bitcoin or DASH cryptocurrencies, to hide their identity. They use to deploy a countdown timer on infected computers to show users have a limited time to do something in order to restore their files, basically, just to pay ransom money, else the affected data will be deleted permanently.

How Gandcrab v5.0.4 mainly enter inside computer, and what are the suggested methods to overcome its issues?

According to researchers, Gandcrab v5.0.4 is maily distributed through a number of possible ways which includes through Trojans, spam email campaigns, fake software updates, peer to peer file distribution, un-secured networks, un-official software download sources and many more. In most of the cases, a Trojan horse infection often plays a role to contaminate a system by using its vulnerabilities and download ransomware files on remote computers secretly. Once downloaded and installed, the source codes of Gandcrab v5.0.4 internally executes and takes over all files along with doing other malign acts. Although, there’s no method to restore encrypted files practically because they will require to input a valid decryption key or passcode. But we would like to suggest you a few steps that might be helpful to eradicate this vermin. At first, you are recommended to remove Gandcrab v5.0.4 and its effects through using a powerful malware scanner. Once removed, the system can be freed up against malware impacts, but affected files can not be recovered still without decryption key. In such cases, it’s suggested to restore your lost data using a previous backup copy saved on external drives, or through other data recovery modes.


Steps To Remove Gandcrab v5.0.4 From Compromised Computer

The infections like Gandcrab v5.0.4 or similar ones or those belong to other malware category are all designed to generate with only ill intention to make money for its developers who make use of any technique to force you down. However, most of the security experts associated with different security associations say this is not much harmful browser and can be removed from an infected computer by getting through some steps. If you follow the steps in the same order and with full attention as described in the procedures below, we hope you can also free up your PC easily. It’s recommended to take a hard copy of the guidelines on paper or get another computer to assist you following the steps without any hassles.

Step 1:Track and remove Gandcrab v5.0.4 from computer’s processes from task manager.

Step 2:Locate and delete the definition of this program from startup files, registry files, and host files.

Step 3:Removal of Gandcrab v5.0.4 from all reputed browsers.

Step 4:Delete Gandcrab v5.0.4 with an automatic solution(The Safest and most recommended method)

Step 1: Track and remove Gandcrab v5.0.4 from computer’s processes from task manager.

  • Launch the Task Manager by pressing a key combination CTRL+SHIFT+ESC simultaneously.

  • Review the suspicious processes and note down its file location on computer.end-malicious-process

  • Terminate the processes now.

  • Open the “Run” command box and enter the noted down location to open in file explorer.

  • Delete the file permanently.

Step 2: Locate and delete the definition of this program from startup files, registry files, and host files

  • Launch the file explorer or any folder from my computer.

  • Click on “View” option in the above Menu (Older Windows version’s user may go to control panel to open “Folder options”)

  • Choose “Folder and Search Options”

  • Click over “View” tab.

  • Scroll down to find “Show hidden files and folders” option, and check it in the check box.

  • Find “Hide protected operating system files” and uncheck it. (This will allow you to see super-hidden files in any folder to identify the suspicious ones.)

  • Click “Apply” then “Ok”

Cleaning Gandcrab v5.0.4 definitions from Windows registry

  • To open Windows registry editor, click Win+R combination.

  • Type “regedit” ro simply copy and paste in the command line

  • Press Ok.

  • Navigate to below mentioned registry files depending on your OS versions (32 bit or 64 bit) and delete the files.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or


  • Now Launch the Windows explorer and navigate to %appdata% to find and delete suspicios executable files from there, and close the window.

Fixing Hosts file to block the unwanted redirections on all active browsers

  • Open windows explorer and navigate to Windows directory.

  • Go to System32/drivers/etc/host

  • open the host file and notice it. If the system is hijacked by the infection you would see several IP definitions at the bottom.

  • Select those IP addresses and delete them. (Don’t delete the local host entry)

  • Save and close the file, and exit the explorer window.

Step 3: Removal of Gandcrab v5.0.4 from all reputed browsers (Steps included for Chrome, Firefox & Internet Explorer)

Google Chrome

  • Launch Chrome browser.

  • Click over the main menu icon and select Tools or More Tools, then Extensions.

  • Scroll down to notice the list of installed extensions to find suspicious one and click the bin option beside it.

  • Click remove button to confirm the deletion.

  • Finally, Reset the Chrome settings to default leaving nothing behind.

Mozilla Firefox

  • Launch the Firefox and press CTRL+SHIFT+A to open extension Window.

  • Look for the Gandcrab v5.0.4 extension and Disable it.

  • Now go to Help section.

  • Click over Troubleshooting information then hit the Reset button.

  • Confirm the act to reset the browser.

Internet Explorer

  • Simply, open the browser and click thee Gear Icon on the upper right corner.

  • Navigate to Internet options and click it.

  • Now, navigate to Toolbars and Extensions, to see the list of installed addons to find unwanted one.

  • Disable or delete the selected extensions permanently.

  • In order to reset the Ie, click over Advanced tab, and click Reset.

  • Press OK button to confirm.

Cleaning the browser’s shortcuts on the computer is also recommended in most of the cases and should be accomplished for all installed browsers, for which the steps are:

  • Select the browser short-cut, and right click on it.

  • Navigate the properties and click it.

  • In the opened window, find the target option, and remove the argument for Gandcrab v5.0.4 .

  • Apply the changes.

Step 4: Remove Gandcrab v5.0.4 with an automatic solution

Although the removal method through manual instructions are effective and proven to provide the best results, still some of the victimized users may fail to get the results as per their desire. This can happen due to lack of technical consent to access most of the administrative utilities as used in above guidelines. If you also got stuck through the instructions or seeking the safest method which needs not any high end manual steps, then opting an automatic solution could be the best solution. You just need to do a few instructions taken in practice to install and scan the system deeply that will fix all issues and remove Gandcrab v5.0.4 completely. The required steps to do so is all here mentioned.


Easily remove all online trending threats from your PC safely at just single click.

Step 1:Download and install Gandcrab v5.0.4 removal tool and install it on your computer (Note:this is a free scanner that will detect the present malwares on your system only. In order to fix the threats completely, you would have to buy its full version to remove the threats.)

Step 1

Step 2: After the installation is finished, run the scanner and you will see the two options as depicted in the image below. Click on “Scan Computer Now” button.

Step 2

Step 3: In this step, you would see the scanning process bar with detection of found threats and its short description along-with its categorized thumbnail.

Step 3

Step 4: Lastly, the scanner finishes scanning the computer to show full list of detected threats on computer. Just click on “Fix Threats” button to complete the removal that hardly takes a few moments depending upon the nature and severity level of the malware items.

Step 4