Chat with us
Cart 0
 

Coveware reduces GandCrab ransomware costs and downtime.

We specialize in GandCrab ransomware removal and recovery.


gandcrab payment.png

Coveware is the most efficient and effective ransomware removal and recovery service.

Call or email us 24/7 for a free consultation. Our support team responds immediately.

(203) 442-4050

Name
Name




 

Recognized and compliant ransomware incident response.

 
 

Our cyber security professionals are reputable and trusted. Learn more.

 
 

GandCrab Ransomware Payment & Decryption Statistics

 

GandCrab incidents are much shorter than other types of ransomware due to the automated TOR site used for payment collection and decrypter tool delivery. Read more about how to recovery and use the GandCrab decrypter tool here.

Average Length of Ransomware Incident

The amount of time from reporting to full data recovery of a GandCrab Ransomware incident

GandCrab Ransomware Case Outcomes

The outcome of GandCrab Ransomware incidents
 

GandCrab Ransomware has a high success rate after a ransom payment is made. Relative to other types of ransomware, the decryptor tool is relatively straight forward to use.

 

Immediate GandCrab Recovery Help

Due to the drag-net nature of GandGrab ransomware, infections are typically less targeted. Recovery efforts are usually less time consuming than average and data recovery rates are also high, ~98%.

For immediate assistance contact us or call 24/7 Support: (203) 442-4050

Name
Name



 
 

GandCrab Ransomware Frequently Asked Questions

1. Are there free GandCrab decryption tools?

UPDATE: Versions 1, 4, and some versions of 5 have a free decryption tool available from Bitdefender.
We have seen reports of a new version (5.0.5) that breaks the decryptor.

Some active GandCrab ransomware variants can not be decrypted by any free tool or software. If you submit a file example to us, we will have a look for free and let you know. There are also good free websites that you can upload a sample file to and independently check. You should NOT pay a data recovery firm or any other service provider to research your file encryption. They will use the same free resources noted above…so don’t waste your money or time!

2. How did I get infected with GandCrab ransomware?

Most GandCrab ransomware is laid directly by a hacker that has accessed an unprotected RDP port, utilized email phishing to remote into a network via an employee’s computer, or utilized malicious attachments, downloads, application patch exploits or vulnerabilities to gain access to a network.

3. What are recent GandCrab ransomware file extensions?

.Crab or more recently with GandCrab V5, files have a random 5 character extension added:

file name.[XYXYX]

The ransom notice will be a .txt file named

file name.[XYXYX-DECRYPT].txt 

Do not lose this file once you find it!

Example GandCrab V5 ransom notice .txt file

4. What does a GandCrab ransom notice look like?

GandCrab ransomware hackers will leave a .txt file notice behind that will be prominent and easy to find. It commonly looks like like the image to the right. It includes a TOR site to visit for instructions.

Note: We do not advise that any person or company contact a hacker and negotiate directly. Cyber criminals can be difficult to communicate with. Let a professional assist you.

 

WHAT OUR CUSTOMERS ARE SAYING

"Remediating a ransomware incident for a current or prospective client is stressful. The future of the client relationship, and sometimes the operability of the client's business are at stake. It is a lot of pressure for a managed service provider to take on, especially as downtime mounts. Coveware's solution shoulders a lot of that burden, dramatically improving the experience, and most importantly shrinking the time to recover."

- Adam Wipp, Helm MSP 


 
bg9.jpg
 

A 4-Step recovery plan with time and cost estimates

 

Step 1 - Explore free remediation options

Step 2 - Communicate with your hackers.

Step 3 - Easy ransomware payment.

Step 4 - Restore data & end downtime.

1st Hour - Free!

  • Identify your ransomware

  • Find free decryptor tools

Hours 2-5

  • Secure & safe negotiations

  • Determine ransom payment

Hours 5-6

  • Zero transaction fees

  • Transparent transactions

Hours 6+

  • Professional IT recovery

  • Insurance documentation

 

RANSOMWARE FREQUENTLY ASKED QUESTIONS

WHAT INFORMATION DO I NEED TO PROVIDE?

You will need to provide information from both the ransom notice and a sample encrypted file. We will schedule a call to discuss the severity of the attack, the operability of your company and the likely timeline / cost of recovering from the attack. You will also need to provide identifying information on your company, and an authorized representative of your company.

HOW MUCH WILL THIS COST?

You are already being extorted; we don’t think you deserve to pay another large fee. Coveware charges flat daily service fees that vary based on the complexity of your case. We do not charge spreads of fees tied to the size of the ransom amount. Our fees will never be even close to the amount of the ransom demanded by the cyber criminal, and you should be skeptical of why any other service provider would charge a fee that high.

WHAT ABOUT FIRMS THAT HAVE TOLD ME THEY CAN DECRYPT MY FILES WITHOUT PAYING THE HACKER?

You should be extremely skeptical of any data recovery firm that claims they can decrypt ransomware. Typically they are just paying the cyber criminal without your knowledge and pocketing the difference between the ransom amount and what they will charge you. Know the facts before you engage. If the ransomware IS decryptable, the tool can be found for free. If not, purchasing a key from the cyber criminal is the only way to unlock your files. While Coveware does not condone paying cyber criminals, we recognize it is often the only choice if backups are not available or have become compromised as well. If that is the case, you deserve an honest, transparent experience.

WILL THE RANSOMWARE PAYMENT BE SUCCESSFUL?

There is no guarantee that paying the ransom will result in a working decryption tool being delivered. However, Coveware believes that data aggregation can help customers make the most informed data-driven decisions. Since we handle lots of cases of the same ransomware types, we are able to share our experiences and help customers decide how to proceed.

HOW DO I UNLOCK MY FILES?

If the ransomware payment is successful, a decryption tool & key is provided by the hacker that can be used to manually decrypt your files.

HOW DO I PREVENT THIS FROM HAPPENING AGAIN?

There are some common security mis-configurations that lead to a ransomware attack. We can share some tips and resources for preventing future attacks, but encourage companies to perform a full forensic review or security assessment as soon as possible. Consistent investment in security IT is the best antidote to preventing future attacks.