Hi y'all. My HP Pavilion Sleekbook running Windows 8.1 just had its entire hard drive nuked without any warning, and I'm pretty sure GandCrab V4 had something to do with it. I haven't found any documented incidents of GandCrab causing data erasure, but I do know that the ransom note it creates does mention the possibility of "loss of your data forever." Is it possible that the ransomware somehow failed in encrypting my files, and instead decided to delete them all?
When I was trying to download some files onto my laptop, I accidentally ran an executable with the good old .(file extension I want).exe trick. My fault for never turning on file extensions. The file didn't do much of anything, and my Avast Premier didn't detect anything. I ran Avast and MBAM free just to be sure, but everything came back clean. I figured the executable was probably just broken or something, and even if it was something nasty, I'd be alright because I have network discovery disabled and I don't have anything important on there.
My laptop worked fine as usual for a couple days until it refused to boot. Windows kept giving me a startup repair loop and said it couldn't find anything. Refreshing wouldn't work as it said that the drive was locked, and resetting the drive wouldn't work either. No system restore images were found (odd considering my laptop just had a major update), and the HP recovery manager couldn't even perform a factory reset.
After trying the HP factory reset, I shut down my computer in anger and turned it on again a bit later. This time, instead of booting into startup repair, a message appeared that no operating system was found on the hard disk. I got a Windows 8.1 ISO, and when I booted into it and got the directory of the C drive in command prompt, it was completely empty. I decided to look in the D drive, which was previously used for HP recovery, and found nothing but the GandCrab V4 ransom note telling me to cough up some money or else my files would stay encrypted.
I find it odd that all my files were deleted and the ransom note happened to be the only file that survived on the entire hard disk. There were no .KRAB files, no Windows folder, nothing. Just the note in the D drive. Is it possible that this is a new manifestation of GandCrab?
TLDR: It looks like GandCrab nuked my hard disk instead of encrypting my files. Is that even possible??