Malware Ransomware Grandcrab 5.2

MagicBoo

Member
Jun 3, 2019
5
0
OS
Windows 7
BR
Firefox 67.0
My computer recently became infected with malware called GandCrab 5.2. It does not bother me to format my computer, but I have a portable hard drive whose files I do not want to lose. How can I recover my work files?

P.S. Sorry for my English; my language is Spanish.
 

ThumperTM

La Patróna
Owner
Aug 18, 2010
12,375
8,883
OS
OS X
BR
Chrome 74.0.3729.169
@DVDR_Dog is a ransomware expert. If I am not wrong, there is no tool to recover files encrypted with GandCrab 5.2.
 

Megabyte

New Member
Feb 19, 2019
1
1
OS
Windows 10
BR
Chrome 74.0.3729.169
You can recover your images anyway - something I found by accident after taking an 82GB hit from Gandcrab 5.2.

I had Google Backup & Sync running in the background, it identified the newly encrypted files (in my case image_name.jpg.vnveni) as images & uploaded them to Google Photos - where they appeared as images. No shit, Google's servers don't recognise Gandcrab encryption.

I was like WTF? & did intend to research this thing, but was a bit busy batting Gandcrab off from my network, recovering from backup then running extra insurance backups across my clientbase. Then I forgot about it. Until now.
 

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
868
479
OS
Windows 10
BR
Chrome 74.0.3729.169
Wow, that's some great news! Go figure. I would have never guessed. I wonder what processing Google does to retrieve the images? I have to admit I have yet to see a system with that infection.
Thanks for the info, Megabyte. Heard it here first.
 

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
868
479
OS
Windows 10
BR
Chrome 80.0.3987.149
Please ignore all of tolikkk's posts and do not follow any links provided.
 