Computers on Focus - Online Security Guide

09:44 am
19 April 2024

.GDCB Files Virus – How to Decrypt and Remove GandCrab

This post explains what .GDCB files are, how to remove the GandCrab ransomware virus from your computer, and how to restore files encrypted by it.

A new ransomware virus calling itself GandCrab has seen a rapid rise in infections. The virus aims to encrypt the files on the computers it infects, after which it adds the .GDCB file extension to the encoded files. The malware then aims to drop a ransom note file, which demands money from the victims and sets a threatening deadline; if you do not pay in time, the cyber-crooks threaten to delete the files on your computer. If your computer has been infected by the .GDCB files virus, we advise you to read the following article and learn how to remove .GDCB ransomware and how to restore encrypted files on your computer.

Threat Name: .GDCB Ransomware
Category: Ransomware virus.
Main Activity: Infects the computer, after which it encrypts important documents and holds them hostage until a ransom is paid.
Signs of Presence: Files are encrypted with the .GDCB file extension.
Spread: Via malicious e-mail spam and a set of infection tools.
Detection + Removal: Download removal tool for .GDCB Ransomware
File Recovery: Download Data Recovery Software to see how many files encrypted by .GDCB Ransomware you will be able to recover.

More Information about .GDCB Ransomware

Just like other ransomware variants, .GDCB Ransomware uses advanced encryption to render the files on the victim's PC unusable. But to infect users in the first place, the malware uses sophisticated techniques. One of them is to combine several exploit kits, JavaScript tools and obfuscators that conceal the malware from the real-time shields of several different antivirus programs. All of these may be combined in malicious macros or scripts that may arrive as the following e-mail attachments:

  • .js or .wsf JavaScript files.
  • Malicious Microsoft Office or Adobe Macros (.docx, .pdf, .xls, .pptx, etc.)

These may be contained in an archive, for example .zip or .rar files that may be sent to the user via fake e-mails, for example:

Dear Customer,
Greetings from Amazon.com,
We are writing to let you know that the following item has been sent using Royal Mail.
For more information about delivery estimates and any open orders, please visit: {malicious web link} or {malicious attachment}

Once the user clicks this e-mail, .GDCB Ransomware begins infecting their computer. It may immediately set registry entries to make the virus run on system boot. After this, .GDCB Ransomware may restart the victim's computer, displaying a ransom screen.

.GDCB File Ransomware – Conclusion, Removal and Decryption Scenario

Dealing with .GDCB ransomware calls for a very specific approach. Experts strongly advise following the removal instructions below to delete this malware and then trying to recover as many files as you can using the alternative methods below. Paying the ransom is highly inadvisable.
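To make the delivery route described above concrete from the defender's side, here is an added example (not code from the original article) that triages a .zip attachment for the script types the article names and for Office files carrying a VBA macro part. It assumes Python's standard library only, so .rar archives are out of scope, and the function names, size limit and sample attachment are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

SCRIPT_EXTS = {".js", ".wsf"}        # script attachments named in the article
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".txt", ".jpg"}
CONTAINER_EXTS = {".zip", ".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
MAX_DEPTH = 3                        # refuse to follow deeper nesting
MAX_BYTES = 20 * 1024 * 1024         # do not unpack oversized members


def triage_zip(data, prefix="", depth=0):
    """Return sorted (member path, reason) findings for a .zip given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix.rstrip("!") or "<attachment>", "not a zip container")]
    findings = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            ext = suffixes[-1] if suffixes else ""
            if ext in SCRIPT_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                findings.append((path, "script, decoy extension" if decoy else "script"))
            elif info.filename.lower().endswith("vbaproject.bin"):
                findings.append((path, "VBA macro project"))
            elif ext in CONTAINER_EXTS:
                if info.flag_bits & 0x1:
                    findings.append((path, "encrypted, not inspected"))
                elif info.file_size > MAX_BYTES or depth >= MAX_DEPTH:
                    findings.append((path, "too large or too deep, not inspected"))
                else:  # OOXML documents are zip containers too, so recurse into both
                    findings += triage_zip(archive.read(info), path + "!", depth + 1)
    return sorted(findings)


def build_sample():
    """Constructed sample attachment; every member holds placeholder bytes."""
    def pack(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, body in members.items():
                z.writestr(name, body)
        return buf.getvalue()
    doc = pack({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"x"})
    inner = pack({"report.docx": doc, "notes.txt": b"hello"})
    return pack({"invoice.pdf.js": b"// x", "docs.zip": inner, "readme.txt": b"hi"})
```

Password-protected members are reported rather than skipped silently, since an archive the mail gateway cannot open is itself worth a second look.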

Automatic Removal of .GDCB Ransomware

The free version of SpyHunter will only scan your computer to detect any possible threats. To remove them permanently from your computer, purchase its full version.

Recover files encrypted by the .GDCB Ransomware.

Method 1: Using Shadow Explorer. If you have enabled File History on your Windows machine, one thing you can do is use Shadow Explorer to get your files back. Unfortunately, some ransomware viruses may delete those shadow volume copies with an administrative command to prevent you from doing just that.

Method 2: Try to decrypt your files using third-party decryption tools. Many antivirus providers have decrypted multiple ransomware viruses over the last couple of years and posted decryptors for them. If your ransomware virus uses the same encryption code as a decryptable virus, chances are you may get the files back. However, this is not a guarantee either, so you might want to try this method with copies of the original encrypted files, because if a third-party program tampers with their encrypted structure, they may be damaged permanently. Here are the vendors to look for:

  • Kaspersky.
  • Emsisoft.
  • TrendMicro.
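Method 2 recommends running decryptors only against copies of the encrypted files. The following added example (not part of the original article) shows one way to do that: it copies every .GDCB file into a separate folder and verifies each copy by SHA-256 before any tool touches it. The function names, the backup folder name and the sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_encrypted(root, backup, ext=".gdcb"):
    """Copy every *.GDCB file under root into backup and verify each copy.

    Returns {relative path: sha256}. Originals are only read, never modified.
    """
    root, backup = Path(root).resolve(), Path(backup).resolve()
    manifest = {}
    for src in sorted(root.rglob("*")):
        if backup in src.parents or not src.is_file() or src.suffix.lower() != ext:
            continue                         # skip earlier backups and other files
        rel = src.relative_to(root)
        dst = backup / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)               # copy2 keeps timestamps
        before, after = sha256(src), sha256(dst)
        if before != after:
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = before
    return manifest


def demo():
    """Constructed sample tree with placeholder contents, built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Documents"
        (root / "tax").mkdir(parents=True)
        (root / "tax" / "2017.xlsx.GDCB").write_bytes(b"constructed ciphertext 1")
        (root / "photo.jpg.GDCB").write_bytes(b"constructed ciphertext 2")
        (root / "untouched.txt").write_bytes(b"plain")
        manifest = preserve_encrypted(root, root / "_gdcb_backup")
        copies = sorted(p.name for p in (root / "_gdcb_backup").rglob("*.GDCB"))
        return manifest, copies
```

Point the decryptor at the backup folder and keep the returned manifest, so a file altered by a failed decryption attempt can be identified and replaced with a fresh copy of the original.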

Method 3: Using Data Recovery tools. This method is suggested by multiple experts in the field. It can be used to scan your hard drive's sectors and reassemble the files anew, as if they had been deleted. Most ransomware viruses delete a file and create an encrypted copy to prevent such programs from restoring the files, but not all are this sophisticated. So you may have a chance of restoring some of your files with this method. Here are several data recovery programs which you can try in order to restore at least some of your files:
