Jump to content

Gandcrab Ransomeware Detected


Recommended Posts

Hi woomister :)

Sadly, files encrypted by GandCrab cannot be decrypted for free at this time. Your best bet is to restore from an earlier backup, should you have one, or try to recover files from your shadow copies if they weren't deleted in the encryption process.

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Files encrypted by GandCrab Ransomware cannot be decrypted for free. Even if you reinstall Windows, all your personal files that were encrypted (.docx, .txt, .mp3, etc.) will still be and therefore, not usable. If you don't have any backups, the best thing you can do is backup your encrypted files somewhere safe and hope that a free decryption solution will be released in the future.

Link to post
Share on other sites

There are two ways that can lead to a free decrypter being released:

  • A flaw in the Ransomware is found, and then used to create a decrypter (a flaw in the encryption routine used by the Ransomware)
  • A server that contains the private keys used by a Ransomware to encrypt files on the computers it infected is recovered, and the keys are used to create a decrypter (like Kaspersky's Rakhni decryptor)

I cannot tell you if a decrypter will be released for GandCrab, but so far, it doesn't look like a flaw exists within the encryption process it uses, so Solution #1 is probably out of the window. And for Solution #2 to happen, the authorities needs to recover the server(s) used by GandCrab and then provide the keys to a security vendor so they can create a decrypter with them. This all depends on how much information the authorities have about the Ransomware operation though, and how they can act on it.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.