If you ever encounter your computer pops up a message saying “Your Computer has been Blocked”, then consider it as a serious note as this Virus is a ‘Ransomware’.
GandCrab V5 is a newly detected threat in the family of ransomware that encrypts most of the files on the attacked PC. Security researchers had reported that the threat uses AES-256 and RSA-2048 encryption algorithm to encode files on the attacked PC and appends ‘.GandCrab V5’ extension to the encrypted files. It is analyzed that the GandCrab V5 is distributed through phishing email campaigns similar like Dream_dealer@aol.com Ransomware. Unfortunately, if the user downloads the infected mail attachment that is actually a macro-enabled document containing the payloads of the virus. Upon clicking, the document starts running the script and GandCrab V5 gets installed on the attacked computer system.
After installed, it searches for the important documents, photos, video, audio, databases, PDFs and other local drives. The infection uses AES cipher to transcode the data that are locked by the filename and the‘.GandCrab V5’ suffix. For example, blackcat.jpg is renamed to blackcat.jpg.GandCrab V5. After the encryption process been done, then the Ransomware drops a ransom note on the desktop and the encryption locations.