GandCrab Ransomware Help & Support Topic (.GDCB, .CRAB & CRAB-DECRYPT.txt)


294 replies to this topic

#286 rakeshbagla

rakeshbagla

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 16 October 2018 - 01:51 PM

Help to restore this
 
---=    GANDCRAB V5.0.2  =--- 
 
***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
 
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS*****
 
Attention! 
 
All your files, documents, photos, databases and other important files are encrypted and have the extension: .HHFEHIOL     
 
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
 
 
The server with your key is in a closed network TOR. You can get there by the following ways:
 
----------------------------------------------------------------------------------------
 
| 0. Download Tor browser - https://www.torproject.org/ 
 
| 1. Install Tor browser 
| 2. Open Tor Browser 
| 3. Open link in TOR browser:   
| 4. Follow the instructions on this page 
 
----------------------------------------------------------------------------------------                    
    
 
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. 
 
You can contact our support using e-mail. Our addresses:
Primary:    ik253@email.vccs.edu
Secondary:  MilesFlannagan@protonmail.com
 
ATTENTION!
 
IN ORDER TO PREVENT DATA DAMAGE:
 
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
 
---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---
 
---BEGIN PC DATA---
---END PC DATA---




#287 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:50 AM

Posted 16 October 2018 - 02:15 PM

There is no known method to decrypt files encrypted by GandCrab V2, GandCrab V3, GandCrab V4 or GandCrab V5 without paying the ransom.

If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus and untrustworthy removal/decryption guides.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#288 quietman7


Posted 18 October 2018 - 02:32 PM

Latest news by Lawrence Abrams, site owner of Bleeping Computer (10/17/18):

The GandCrab developers released the decryption keys to Syrian victims. Demonslay335 (Michael Gillespie) imported these decryption keys into ID Ransomware (IDR) so the service can determine if your key is available by simply uploading the ransom note here.



#289 rakeshbagla


Posted 18 October 2018 - 03:16 PM

We already uploaded the ransomware note.



#290 yenyen

yenyen

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 18 October 2018 - 08:06 PM

Sorry, my mistake lol. It is just out of curiosity of trying and hoping for the recovery of files. Anyway, I am sorry quietman, I am not a Syrian person.


Edited by yenyen, 18 October 2018 - 09:32 PM.


#291 quietman7


Posted 18 October 2018 - 09:23 PM

Are you a Syrian victim? The criminals only released the decrypter keys for those victims who live in Syria and those keys were imported into ID Ransomware.

#292 PedrofromAus

PedrofromAus

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 19 October 2018 - 11:30 PM

Hi to all,

 

Well, another sucker has just been had.

 

I have been infected with the Gandcrab 5.0.3 with ZGSJPN added to my file extensions.

 

I have installed SpyHunter and ran it. It looks like it has cleaned it out, but it cannot decrypt the lost files.

 

From what I have read there is currently no fix for this.

 

Has anyone paid the ransom and successfully retrieved their files?

 

Regards Pedro



#293 quietman7


Posted 20 October 2018 - 07:45 AM

I have been infected with the Gandcrab 5.0.3 with ZGSJPN added to my file extensions....From what I have read there is currently no fix for this...

That is correct unless you pay the ransom or you are a Syrian victim.

...Has anyone paid the ransom and successfully retrieved their files.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Other victims have reported paying the ransom only to discover the criminals wanted more money...demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work, resulted in errors and in some cases caused damage to the files. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all and decryption of very large files may be unsuccessful even with the criminal's decryption tool. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

#294 PedrofromAus


Posted 21 October 2018 - 01:27 AM

Hi Quietman,

 

Thanks for the reply. Do you know on average how long it takes for these things to be cracked?

 

I don't want to pay but I need my files back.

 

Regards Pedro



#295 quietman7


Posted 21 October 2018 - 07:50 AM

We have no way of knowing when or if a free decryption solution will ever be available and we can never guarantee if any ransomware can be decrypted without paying the ransom to the criminals or by paying them. Decryption depends on what ransomware infection you are dealing with, the type of encryption used by the malware writers and a variety of other factors as explained here and the fact that the criminal's key is not generated on the victim's computer ensuring it is much harder to break. In most cases, unless the criminals are found and arrested by the authorities, and/or the keys are recovered then provided to the public, there is no possibility that anyone can provide a decryption tool. However, there have been a few instances where the cyber-criminals, for whatever reason, chose to release the master keys after a period of time but that too is not a guarantee.



