Jump to content

GandCrab V4 wiped entire hard disk - is this possible?

Recommended Posts

Hi y'all. My HP Pavilion Sleekbook running Windows 8.1 just had its entire hard drive nuked without any warning, and I'm pretty sure GandCrab V4 had something to do with it. I haven't found any documented incidents of GandCrab causing data erasure, but I do know that the ransom note it creates does mention the possibility of "loss of your data forever." Is it possible that the ransomware somehow failed in encrypting my files, and instead decided to delete them all?

When I was trying to download some files onto my laptop, I accidentally ran an executable with the good old .(file extension I want).exe trick. My fault for never turning on file extensions. The file didn't do much of anything, and my Avast Premier didn't detect anything. I ran Avast and MBAM free just to be sure, but everything came back clean. I figured the executable was probably just broken or something, and even if it was something nasty, I'd be alright because I have network discovery disabled and I don't have anything important on there.

My laptop worked fine as usual for a couple days until it refused to boot. Windows kept giving me a startup repair loop and said it couldn't find anything. Refreshing wouldn't work as it said that the drive was locked, and resetting the drive wouldn't work either. No system restore images were found (odd considering my laptop just had a major update), and the HP recovery manager couldn't even perform a factory reset.

After trying the HP factory reset, I shut down my computer in anger and turned it on again a bit later. This time, instead of booting into startup repair, a message appeared that no operating system was found on the hard disk. I got a Windows 8.1 ISO, and when I booted into it and got the directory of the C drive in command prompt, it was completely empty. I decided to look in the D drive, which was previously used for HP recovery, and found nothing but the GandCrab V4 ransom note telling me to cough up some money or else my files would stay encrypted.

I find it odd that all my files were deleted and the ransom note happened to be the only file that survived on the entire hard disk. There were no .KRAB files, no Windows folder, nothing. Just the note in the D drive. Is it possible that this is a new manifestation of GandCrab?


TLDR: It looks like GandCrab nuked my hard disk instead of encrypting my files. Is that even possible??

Link to post
Share on other sites

  • Root Admin

Hello @Atypically and :welcome:

No it is not possible for the software to physically damage the hard drive. It can potentially help lead to a failed drive if the computer were already overheating and you're constantly ramping the hard drive to run hard and cause even more heat. But again, that would only happen on a drive that was already failing.

At this time trying to repair it on your own is probably not wise. I would recommend that you probably seek the advice and help from a local computer store that can fix this for you properly.

Thank you



Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.