cornic

extension .zwckfaz
« on: January 15, 2019, 11:42:14 am »
Hello,

Do you have a solution for the extension .zwckfaz?

Execute

Re: extension .zwckfaz
« Reply #1 on: January 16, 2019, 03:35:08 pm »
Hello,

Do you have a solution for the extension .zwckfaz?

I cannot find any ransomware virus that encrypts files with that particular extension.
What else do you know about it? Is there a ransom note inside a .txt file (a readme document)?

It might be GandCrab, but that is just speculation.
Please provide more information if you have any.

cornic

Re: extension .zwckfaz
« Reply #2 on: January 17, 2019, 08:10:50 am »
In the .txt file I have this; its name is ZWCKFAZ-DECRYPT.txt:

---=    GANDCRAB V5.0.4  =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

   *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .ZWCKFAZ     

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/6e8f9d4aa9f20e2                         
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------                   
   

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---

---BEGIN PC DATA---
---END PC DATA---

Execute

Re: extension .zwckfaz
« Reply #3 on: January 18, 2019, 01:33:52 pm »
I see, it's GandCrab 5.0.4, the version for which decryptors don't work currently.
Unfortunately, we cannot help you. The extension is random and differs from victim to victim.
You can read more about it in the following article:

Remove GANDCRAB v5.0.4 Cryptovirus

Kind Regards,
Execute
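
Reply #3 notes that the extension is random per victim, so the family and version have to be read from the ransom note rather than looked up by extension. The following is an added example, not part of the original thread or of any tool mentioned in it: it triages a note using only the layout pasted in Reply #2. The function name `triage_note` and the sample note (with placeholder blobs) are constructed for illustration.

```python
import re

# Patterns taken from the note layout pasted in Reply #2 of this thread.
BANNER = re.compile(r"^---=\s*GANDCRAB\s+V(\d+(?:\.\d+)*)\s*=---\s*$", re.M)
EXT = re.compile(r"have the extension:\s*\.([A-Za-z0-9]+)")
BLOCK = r"---BEGIN {0}---\s*(\S.*?)\s*---END {0}---"


def triage_note(filename, text):
    """Identify a GandCrab note from its content, not from the file extension."""
    banner = BANNER.search(text)
    if not banner:
        return None  # not a note in the layout shown in this thread
    ext = EXT.search(text)
    extension = ext.group(1).lower() if ext else None
    # A block counts as present only if it has non-empty content between markers.
    blocks = {
        name: bool(re.search(BLOCK.format(name), text, re.S))
        for name in ("GANDCRAB KEY", "PC DATA")
    }
    # The note in the thread is named <EXTENSION>-DECRYPT.txt.
    expected = f"{extension.upper()}-DECRYPT.txt" if extension else None
    return {
        "family": "GandCrab",
        "version": banner.group(1),
        "extension": extension,
        "filename_matches": filename == expected,
        "has_key_block": blocks["GANDCRAB KEY"],
        "has_pc_data": blocks["PC DATA"],
    }


# Constructed sample: same layout as the pasted note, blobs are placeholders.
SAMPLE_NOTE = """---=    GANDCRAB V5.0.4  =---

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .ZWCKFAZ

---BEGIN GANDCRAB KEY---
UExBQ0VIT0xERVI=
---END GANDCRAB KEY---

---BEGIN PC DATA---
UExBQ0VIT0xERVI=
---END PC DATA---
"""

if __name__ == "__main__":
    print(triage_note("ZWCKFAZ-DECRYPT.txt", SAMPLE_NOTE))
```
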