Home Ransomware Attack: GANDCRAB, Dark Web Payments, and Backup Strategies
After his father's PC was infected by the GANDCRAB ransomware, the author recounts the alarming symptoms, explains how ransomware works, explores the role of the dark web and DASH cryptocurrency in ransom demands, and shares practical backup methods—from simple USB copies to the 3‑2‑1 principle—to protect personal data.
Ransomware Incident at Home
One day the author's father reported that his computer could not open QQ and many documents, and a mysterious window full of letters appeared on every boot. The author accessed the machine via TeamViewer and discovered that many files had been renamed with the .rodgz extension, indicating infection by the GANDCRAB ransomware (variant V5.1, updated December 2018).
The ransomware encrypted files and left a RODGZ-DECRYPT.txt file in each affected directory, demanding a ransom of $500 payable in DASH cryptocurrency. Running Kingsoft Antivirus removed the malicious process, and the ransom screen disappeared.
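To scope the damage before restoring from backup, the two indicators named above (the .rodgz extension and the RODGZ-DECRYPT.txt note) can be used to inventory a directory tree. The following Python script is an added example, not part of the original article; its function names are hypothetical, the sample tree is constructed, and it assumes the extension was appended to the original file name.

```python
import os
import tempfile

ENCRYPTED_EXT = ".rodgz"            # extension reported in the article
RANSOM_NOTE = "RODGZ-DECRYPT.txt"   # ransom note name reported in the article


def scan_tree(root):
    """Walk root; return sorted (encrypted files, note directories, intact files)."""
    encrypted, note_dirs, intact = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                note_dirs.append(dirpath)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            else:
                intact.append(path)   # survived: copy these to clean media first
    return sorted(encrypted), sorted(note_dirs), sorted(intact)


def restore_list(encrypted):
    """Map each encrypted path to the original path to look up in a backup.

    Assumption: the extension was appended (report.docx -> report.docx.rodgz).
    """
    return {p: p[: -len(ENCRYPTED_EXT)] for p in encrypted}


def build_sample(root):
    """Constructed sample tree: two affected folders and one untouched folder."""
    layout = {
        "Documents": ["report.docx.rodgz", "budget.xlsx.rodgz", RANSOM_NOTE],
        "Pictures": ["family.jpg.RODGZ", RANSOM_NOTE],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, intact = scan_tree(tmp)
        print(f"{len(enc)} encrypted, {len(notes)} note dirs, {len(intact)} intact")
        for original in restore_list(enc).values():
            print("restore from backup:", os.path.relpath(original, tmp))
```

Run it read-only against the affected profile and keep the output as the checklist of files to restore.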
Understanding Ransomware
Ransomware is a type of malicious software that encrypts a victim's files and demands payment for decryption. It differs from traditional viruses, worms, and trojans: viruses replicate and need a host program, worms spread across networks, and trojans aim to gain control. Ransomware combines worm‑like propagation with encryption, exemplified by the infamous WannaCry outbreak.
The Dark Web and Ransom Payments
The author accessed the dark web using Tor Browser to view the ransom note. The dark web consists of sites with .onion domains that are reachable only through anonymity networks like Tor. While the dark web hosts illicit marketplaces, it also serves as a communication channel for ransomware operators demanding payment.
Dash (DASH) Cryptocurrency
DASH, originally launched as XCoin in 2014 and later renamed Darkcoin before adopting its current name, is a privacy‑focused cryptocurrency derived from Bitcoin. It offers faster transaction confirmation and enhanced anonymity, making it attractive to ransomware operators seeking untraceable payment methods.
Backup Strategies
To mitigate ransomware damage, the author outlines three levels of backup practice.
Lite
For non‑technical users, simply copy important files and directories to a USB drive and store it in a safe place. This provides a quick recovery option for most personal data.
Copy files to a USB stick.
Keep the USB in a secure location.
Pro
Adopt the “3‑2‑1 principle”: maintain at least three copies of data, store them on two different media types, and keep one copy off‑site (e.g., cloud storage). Versioned backups are recommended for enterprise scenarios.
Three copies of each file.
Two media types (e.g., local disk and cloud).
One copy stored remotely.
Pro Plus
For users with high‑value data and heightened security concerns, use multiple physical locations. Purchase two external hard drives and place them in separate houses; optionally add a third location in a different city or country to guard against regional disasters.
Two hard drives in different homes.
Optional third copy in another country.
While personal data such as movies may be replaceable, photos and videos of family members are irreplaceable and merit robust backup protection.
dbaplus Community
