How to recover server 2012 R2 from GandCrab V4 ransomware?


  • Hi,

    My Server 2012 R2 has been attacked by GandCrab V4 ransomware. How can I recover/remove it from my server, and how do I decrypt the important files? And how do I prevent it in future?

    Even though I have a hardware firewall installed, how does it still infect?

    Thank you

    Friday, July 13, 2018 9:34 AM


  • The only recovery from this is to delete the server and recover from a backup. These ransomware systems are pretty thorough and do not provide a method to undo their work short of either paying the ransom or rebuilding the server and restoring data prior to the backup.

    Attacks like ransomware are not just a remotely launched attack that needs to get through a firewall. If someone clicks a malicious link, installs corrupted software or somehow allows the software inside the environment, it can infect and spread to any system it can access. Firewalls are not going to protect against ransomware.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. He is also co-founder of Revocent and its CertAccord product that offers Linux certificate enrollment from a Microsoft CA. Connect with Mark at

    • Marked as answer by Annan malla Monday, July 23, 2018 4:34 AM
    Friday, July 13, 2018 2:19 PM