Jump to content

GandCrab 5.0.4 Ransomware


Orbtaz
 Share

Recommended Posts

Hey guys! Recently got infected by the GandCrab 5.0.4 as some of you might know this virus encrypts your files and there's no way to decrypt them unless you pay the hacker. Also know as a ransomware. 

So there's little few tools out there for earlier versions but nothing for now on the 5.0.4. I decided to post this thread since I found on the support blog a possible solution https://support.eset.com/kb7049/.

The only down side of this decrypter is that it detects the files that are infected but when cleaning it shows [error] on the right. Like shown below:

download.png.4ababe1ab12815e5182e7e6b76ac0d25.png

 

Any solution on your side for people who got infected to get your files back?

downloadw2.png

Link to comment
Share on other sites

  • Administrators

Unfortunately files encrypted by GandCrab 5.0.4 cannot be decrypted. If you are an ESET user and had ESET installed at the time the files got encrypted, we can try to investigate what happened and what led to the infection.

Link to comment
Share on other sites

  • 2 weeks later...
10 hours ago, kingsyno said:

My client server with ESET installation on it just had similar issues. Please what do we do?

If it's GrandCrab ver. 1,4, or 5, you can try this to see if will decrypt the files: https://www.nomoreransom.org/en/decryption-tools.html#GandCrabV1V4andV5versions

Additional reference is here: https://www.europol.europa.eu/newsroom/news/pay-no-more-universal-gandcrab-decryption-tool-released-for-free-no-more-ransom

Link to comment
Share on other sites

Hello we have tried to use this tool from Bitdefender at several pc's: After start of the scan progress, i've got the message "Initialization failed". Do you know this ?

Link to comment
Share on other sites

  • Administrators
2 hours ago, FH68 said:

Hello we have tried to use this tool from Bitdefender at several pc's: After start of the scan progress, i've got the message "Initialization failed". Do you know this ?

You'd better ask the maker of the tool as to what the error message exactly means.

Link to comment
Share on other sites

  • 1 month later...

i had same probleme with gandcrab 5.0.4 , finaly we had dectypting our server with help from  a company of USA , but we had payed since 2000 dollars

someone need help i gave him a name of company and  email to contact they are making a free cheeking

Link to comment
Share on other sites

  • Administrators
5 minutes ago, driss said:

i had same probleme with gandcrab 5.0.4 , finaly we had dectypting our server with help from  a company of USA , but we had payed since 2000 dollars

Please read the discussion above. Decryption of GandCrab 5.0.4-encrypted files is not possible.

Link to comment
Share on other sites

  • 1 month later...

Please Help me

---=    GANDCRAB V5.2    =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .ETSUM        

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser:   hxxp://gandcrabmfe6mnef.onion/3031594de017ba8d                        
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------                    
    

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAAPHeffP3hBn9y0/6FBwmy8/i/goPkZaiCvk9OljFxHD5SujE1eJnFAMWbZcK25lmojDx4DncjTQTYK47DVRMKfQxa+tA6qA11XyW+m1tqXZ4FpvPqfxTAlc1tmYtpfd8NZ0H0pZU+Ssy1xPQ+pCshPi9WoixwPZiw1j1Ez1sasKqtut0hjIzlRS+okh/c6MJp+t9zAYnDg9TmDk6vRXiZ8MuTdefjE03MaD4KQyzrA52hDEYCqS8RnDjF6r/vnXK22D2YceD8JMBzOJqw72Bkl7XkUa6sNOUhW05t2JhAUIMBe3xAB8e1/cS3kuqqDtJlEpXjb+7ga33qpB7RJMFGD7kp5Lt6F+Bo1COkMHor4zEh7bbCNRrQAFTmLX3hTG9wPIiX0rGLy2A2q5uJS55IgDZLpZ4nMi2Nb0ots22d/Mks35ujjsazJXY64ef74JhIFVIBtBXhPxThxi2RrjZbcemH+RH/tkvu96nW5PkQl7/Uksaxiaeb8bIleVNQpm9Y9Go6QmOYvoMPsRz5YFaPjGEwKd79/Q4Wz2Akl05c9AqSPiy0flf/lVqg5/iDB3vM4eOlCV4lO3Ar6nrgjcDQpnYNUjqTc/MdLSXPL72e5THnJoEG2co+IpVG5cbB+rs8Jt6EMKm7KwIwQp05yZB+p41JoayIZYOxeXPLkepypauN8uhxidnFd/kFpz/6Of4yjvbHrcurMuRC82mARSNtZZF8ddN/Y3mmOUS+zgEG4e7xbdvz0e+gYIgHFaoYDkUqprsUP3/7J9fkRJzNc6rJlpmBAd6IMQClQwPtTi5sXmAtQFhc8utaP4vgpdpo9SF1e+uPhhVGUfUWNUkwuS0FQi8LK8HjFLqPxlK3X7VSU36IpVBSU1fFNxG5SoSHgyEw3W8cYHHbu/f2ymYHZh5/cqzoCdVW8CrfRyD2QaGqAodxG3aFh7URCv+GMgZzRCzyUqXsnXkpfp14v1/Ox2CllhM0UQOvg5txHX0TbMdt/vJzFDgqr5fUfLDNWIcuwW/f7g751m8ERrQJEU340Fz90aSoqt8orgBGKUpjznkzms+e2lUmHP+BSqmCr2fumW4JOWPB2awQZAnRPA72b264AyvsWs0kKWHg3tn/Yjh8Tc5adNHCiHvqGyF9oO/s1kgnf0yYtbvfpI1GG3Zbu+Rx2I0iSjylLrv04wLz5etWJOt55+9hiPHYE+nrYM7A4ncbBI5YChGdMS2oRr9vAej5L1tifZm+x2/ZnCMPe/26DLxIkybUfiDJ559jqxrdhPbwFesNeL0Z/nmUvRfAUgsDCu0v4x6o8HpI/ll1emIiqleU2J401ig+Ljze3KHxSB49cTKZpRW8fyreOQ2qii4+LTEMP5elj6QZ7wyk/FqMdrVqtj+0OaP3rSQZpyjonP7H2Z5rGGKOpR9YtTNFNLe7VAC8XrqMvggr/0NGm/bnho/yBK5FjQJxjN7eyGs/BYcOmoSMkDrMo0G4ETbEf7+g077olhHd1dRRAq5BW51HyRrMVKUfOD1R7TcOEAwPMk5r4Kr9ncW3Gxj54vj77+1WROUfhlNZJ66/3xvVVJax+4PSntOh5E6P5V2LJy9W/YS+qjvoF2l0b87yM5ODrJCN5U4J9nvFi41V77UdJ0AgsjzGXPXhuevmFPfoDAyBIGpY1WxMFhcs2PQ+YiTIb2iqKx+fU+ma5eiYm8bE+Ij5SP7MfDG5oEkulWFL89gqidrCzH1uPJGmtelHnLLFrbapkNvxVZgSXQjXx1bln8zso9xHnt81W6sPcMyzz9cmRrCqk1p6W1SlxYR1v2xfmmr7BjD4A/97tcVJ9YHCx8GjCaga2AYz8vyF9TaBfcIuvTRjW/nfcQ14dFW3grTQk0pV25YVB9TLvEua1Y67xJ6dY1fw9/8tU8dBzYpdvykckSR6tQ+Fdki8ofVPz+gMGLK4ejEfFIoiJXmJo2M7I3EPcTddOu/MYBtyHj6VRCWj94mhfbt7y9JIWGxeHVf2PV/w3MuTvzbucw+3GW78JyrHT3OLzlh/gcxYQn1JRn8HD5xo3Iq5UJ0l5B3toNged8IoCygwbQ2IBHL+m8ecj44ID3h6JxfORZKgQ0XSeWmFL1iqngK2+9W/TdJeIbf2GvcPRxPCPsS/E76j7Fzk1s/HDoa8oNmsIJxJYuHnIruvsXGoPBsZ+xZTcev1lrO9lHZt1vaMKbLBqMJRG1CHH3SDLmjkRIlGY+5IZRmU7Zh+fpSyA3cW4Y=
---END GANDCRAB KEY---

---BEGIN PC DATA---
7ftDEgLb/ZS0lcmZbHM61KXJ+QOtD78KkA6YbtIgFHYeWLYCxZ+XYFtxBmDb9KHJOJDfAveVruDURWTIXHRKQxKa0bPezrYSbugAaoKX2qbLGOIpU0uVIkugicQ2qivs7UgEXVJiDcF0iWP/gFL8WqBHGyOgMof74iZHO883kWa60KsRG/ofEubBktllsriHT/UeIK90f4NTA3Q0Aa7fDOtFnCOTB5ome7FLZ/fMCt27gAb2/52sUzN7xdxdWKoyoIWs5zhHRnLzMN2B2FCFejeo6FqknM+Z9V9tSQjO6DBgmLP77YDkGFwpQajrRTIVf/fa0xZSWyCqtOOJKdAABidqrsY9R+G3NLHFmdCR2EfVP9ny/fNiLObjCKPqr1xWo+YkTxTJi/a4L0V0svf5S0uz66BfoUfFwZ2FPDCx5yhBudvoNloI6ieVw+mqqBpva7wdrtIypS8C1fKlXDmW7ql4B+wxgTuwN0zEb+Yfs9wmLRGjwLinwCjinzPbKPiggI2ZWKP+7AkTvCqijIFTEvFEvSMmANnhwdQWIEb1VkGZyeCMa50L1g0/++QRe3MErXSSCpTrEtcgPD+VXcpHLqob8gmfcCmV/LDCEcqsE7TSnImaaUIrb4A04lHNc2jS1KJcDEnFkoGsqFxw2kbVxJDG+XUXm+LKbvNrEpCdUpjpzkRfBboQ7zM2rl+FdDh8r5KnQFJjp11vytzw8lzJuuRBOA4tyUZuPcZyGAVsV+Bpu3zqEaf+as1M7XVHDWIYTMSoLfTUyH8=
---END PC DATA---

Link to comment
Share on other sites

11 minutes ago, Duminda said:

---=    GANDCRAB V5.2    =---

Unfortunately, no decrypter currently exists for the 5.2 version as far as I am aware of.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...