
Recent Posts

1
Malware Removal Questions and Guides / Re: I got Gandcrab 5.0.4, have questions
« Last post by Execute on December 10, 2018, 10:05:19 am »
@jimdays,
No problem - we are here to help.

Quote
My question is, why doesn't a regular browser even work (I tried Chrome/Firefox/IE and it didn't work) to be able to go to the person's ransom amount page?

1) If I didn't make myself explicit, the ransomware creators host their ransom note and instructions pages on the TOR network, meaning that ONLY the Tor browser can access these pages and nothing else in the world, not a browser, not another program.

That is indeed one of the addresses, but there are many such Web pages with GandCrab instructions.

2) Not really. Usually, ransomware authors want you to pay, so they can make exceptions for a lower amount, but not always. For negotiations and response time, it depends on the cybercriminals and whether they don't like the victim or are willing to get at least some money out of him.

We at SensorsTechForum have seen some respond right away, some take days and some never respond, but we also advise AGAINST paying the cybercriminals. Not only is there no guarantee that your files will get decrypted, but you are also supporting criminals, who will most probably continue to make ransomware, etc. Even if you unlock your files, you can become a victim again in the future...


2
Malware Removal Questions and Guides / Re: decrypt tools for GANDCRAB V5.0.4
« Last post by Execute on December 10, 2018, 09:42:39 am »
Quote
any new about decrypt tools for GANDCRAB V5.0.4   please help   all my files are decrypt    shiiiiiiiiiiit

Save the files you want to decrypt, and try to find an unencrypted version of at least 1 file. In a few weeks, there might be a decryption tool made by BitDefender, who made a tool for previous versions - https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

Best Regards,
Execute
3
Malware Removal Questions and Guides / Re: I got Gandcrab 5.0.4, have questions
« Last post by jimdays on December 08, 2018, 05:38:49 pm »
Thank you for the response. Couple other questions:
1) You said tor browser is used because it doesn't store personal data. My question is, why doesn't a regular browser even work (I tried Chrome/Firefox/IE and it didn't work) to be able to go to the person's ransom amount page? (I was able to see the person's ransom amount page with tor browser). Is Chrome/Firefox/IE just not able to resolve certain categories of internet addresses?
Here is the person's ransom amount page (posted in bleeping computer public forum):
http://gandcrabmfe6mnef.onion/60a5301a365e6aee
I went to that page a couple days ago with tor browser and was able to see his ransom amount page but I couldn't get to it with regular browser.
2) Do you have any idea what percentage of time (using the chat function in ransom amount page) the victim is able to negotiate a lower ransom amount?  Like, for example, negotiate from $600 to $300?
4
Malware Removal Questions and Guides / decrypt tools for GANDCRAB V5.0.4
« Last post by poulalmind on December 08, 2018, 06:00:15 am »
any new about decrypt tools for GANDCRAB V5.0.4   please help   all my files are decrypt    shiiiiiiiiiiit
5
Malware Removal Questions and Guides / Re: I got Gandcrab 5.0.4, have questions
« Last post by Execute on December 07, 2018, 10:15:24 am »
Hello @jimdays.

First of all - you were never banned. I won't explain it further, but I will just say that there is post moderation due to spam.

Second, new viruses are released every single day - literally. So it is hard to tell specifics for each of them. The partition could have been infected, but we have received no reports of that happening thus far.

Third, most ransomware viruses today use the TOR network to host their ransom notes. The ransom note is inaccessible from anywhere else. The reason is mainly for them to stay anonymous so they are not caught by FBI, CIA, Interpol and other such agencies. Other browsers can detect information about you and your computer.

Fourth, GandCrab v5.0.4 has new malware "strings" released on the Internet every day, so each anti-virus and anti-malware vendor has to add these new variations of the virus to their database, and that can take from a few hours to weeks. If the variant is not discovered, half of the anti-virus programs won't detect it. Some malicious behaviour can be observed and stopped though.

Best Regards,
Execute
6
Software Reviews / Re: Remo Recover for Android - is it worth paying for?
« Last post by bashao on December 07, 2018, 08:38:26 am »
If we have deleted data on Android without backup and want to get them back, such data recovery for Android is useful. But before that, we'd better take backup of data on your Android phone frequently. So, we can recover from backup files easily.
7
Malware Removal Questions and Guides / Re: I got Gandcrab 5.0.4, have questions
« Last post by jimdays on December 07, 2018, 02:23:30 am »
Thank you for unbanning me. I have one more question. The computer I have is Windows 7 netbook. It has a hidden partition that can be used to restore the computer (erase everything and re-image from the hidden partition). Do you think the hidden partition got affected by the Gandcrab 5.0.4? In other words, if I were to use that hidden partition to restore the computer, would that work OK? I don't have any plans to do that (because the computer seems to run fine now), but I want to know for future reference. Malwarebytes free version is constantly showing zero virus/malware on the computer. Oh, one other question. I was looking online for other people that got gandcrab and somebody posted the ransom screens (unfortunately I deleted all my encrypted files (about 2000) with ransom info before I had a chance to look at them). The screen (posted) said you need to use a tor browser to see the ransom amount and how to pay. I used a regular browser (on that person's posted info) and that didn't work. I downloaded the tor browser and I was able to see the ransom amount ($600) that just increased to $1200 because he didn't pay by the deadline. Also there was a chat function (now made inoperable until payment received) presumably to negotiate a lower price, and there was detailed but simple info on how to pay. My question is: why didn't the regular browser lead me to the ransom amount screen? What is so special about the tor browser that it is necessary to use it to see the ransom amount screen? In that chat function, are people typically able to negotiate a lower ransom, say $300 instead of the initial $600?
8
Gaming Malware / Re: PUBG Ransomware Wants You to Play "Player Unknown Battlegrounds"
« Last post by Execute on December 06, 2018, 12:06:54 pm »
Quote
i play pubg with tencent

The ransomware targets players, regardless of the way they launch the game and what additional software they have or what Internet provider they have, but the good news is that its actions are reversible.

Having the game, as long as it's paid and not "cracked", shouldn't be a cause for concern.
9
Gaming Malware / Re: PUBG Ransomware Wants You to Play "Player Unknown Battlegrounds"
« Last post by zoziano on December 05, 2018, 06:32:31 pm »
i play pubg with tencent
10
Malware Removal Questions and Guides / Re: I got Gandcrab 5.0.4, have questions
« Last post by Execute on December 04, 2018, 01:43:42 pm »
Hello @jimdays,
first let me disambiguate something for you:

Quote
...I got message that I was banned permanently...

You were never banned. The fact that you posted the comments and that they both went through already proves that. There is a spam-filter so it takes some time before posts get moderated (/approved). The error you have seen shows when a proxy, VPN or other similar service is used (when IP addresses, DNS settings and other Internet settings are changed).

To the main comment and question:

I think that the anti-malware tool you used did the heavy lifting and supposedly your system should be clear of the executables that launch the GandCrab cryptovirus. However, there might be some registry files related to the virus that might have stayed on your system. Regardless, even if that is true, the registry entries cannot do a thing if the executable files are missing. If I were you I would format the C drive or whichever drive holds the Windows OS (assuming that you have that OS). Then I would use my backup to recover the PC with all files that got encrypted. Also, there is no guarantee if there is a keylogger or some other malware that got in alongside the GandCrab ransomware.

In any case, I am truly happy that you had a backup and that you probably do them regularly! =)

P.S.: Some ransomware viruses and other malware can have all engines green/clear, especially if the malware sample is new and not in their databases yet. Let that be a lesson to you and don't open executables before you scan them with anti-malware software or do more research.

BTW, the newest version of the ransomware is already out - you can visit our article for GandCrab v5.0.9 Cryptovirus to check out what's new and if you are curious to know more about it.

Happy trails! =)