Raju Posted January 5, 2019 ID:1290744 Share Posted January 5, 2019 My Pc is infected by Gandcrab 5.0.4 Ransomeware virus. My Pc got 3 partitions. C: only system files D: and E: Data files All got infected. I Reinstalled windows and my C: drive is clear now But my D and E drive all files got encrypted. I have important files in it. How can I decrypt my Files. All folders have that text files which holds that encryption information. Kindly help me to recover my files. Awaiting your replies Raju Link to post Share on other sites More sharing options...
1PW Posted January 5, 2019 ID:1290782 Share Posted January 5, 2019 (edited) Hello @Raju and If indeed the encrypted file names end in .GDBC or .CRAB it still would be best to use the ID Ransomware site to verify with added certainty. Then, if indeed the files are Gandcrab 5.0.4 encrypted, the GandCrab Ransomware Help & Support Topic (.GDCB, .CRAB & CRAB-DECRYPT.txt) topic at BleepingComputer.com is a part of a clearinghouse of accurate and current ransomware information. Do not be lured by websites that promise decryption solutions. Scam sites are all too common. HTH Edited January 5, 2019 by 1PW Link to post Share on other sites More sharing options...
Raju Posted January 5, 2019 Author ID:1290807 Share Posted January 5, 2019 UDUJOTOJS-DECRYPT---- This is the text file in all directories. and file extension of all files are UDUJOTOTOJS. Link to post Share on other sites More sharing options...
1PW Posted January 5, 2019 ID:1290808 Share Posted January 5, 2019 Hello @Raju: What additional information details were given to you by the ID Ransomware site? Thank you. Link to post Share on other sites More sharing options...
Raju Posted January 5, 2019 Author ID:1290811 Share Posted January 5, 2019 This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information. Identified by ransomnote_url: http://gandcrabmfe6mnef.onion/ sample_bytes: [0x2F175 - 0x2F17D] 0x1829899381820300 Click here for more information about GandCrab v4.0 / v5.0 Link to post Share on other sites More sharing options...
1PW Posted January 5, 2019 ID:1290823 Share Posted January 5, 2019 (edited) Hello @Raju: As you likely have determined, that .onion URL is definitely on the Darknet and may only be accessed with a Tor Browser connection. Great caution is advised! If you are entertaining any thoughts of visiting that Darknet site, a Tails built USB stick or Tails built Live DVD might be the minimum safe method (Still Not Recommended) to isolate the C:, D:, and E; drives from being victimized again.. You are far better off recovering your data from your last backup, if available. TOR Payment Site Edited January 6, 2019 by 1PW Link to post Share on other sites More sharing options...
1PW Posted January 6, 2019 ID:1290907 Share Posted January 6, 2019 Hello @Raju: At this point, the standard advice is to store the encrypted files in a safe place and check from time-to-time for a future solution. Link to post Share on other sites More sharing options...
Raju Posted January 6, 2019 Author ID:1290921 Share Posted January 6, 2019 Thank you 1PW. Link to post Share on other sites More sharing options...
1PW Posted January 6, 2019 ID:1290923 Share Posted January 6, 2019 Good luck and you are welcome. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 11, 2019 Root Admin ID:1291929 Share Posted January 11, 2019 Since this issue is resolved the topic will now be closed to prevent others from posting here. If you need assistance please start your own new topic and someone will be happy to assist you. Thanks Link to post Share on other sites More sharing options...
Recommended Posts