Tonyol

GANDCRAB V5.1

Recommended Posts

my pc is infected with GANDCRAB V5.1 randsomeware. I believe i am free from randsomeware but all my files are encrypted. some have the extension RSHLBOK.RUMBA or just one of those.

Share this post


Link to post
Share on other sites

I can't be 100% certain, however based on the two different extensions your system may have been hit by two different ransomwares. "RSHLBOK" looks like a random 7-digit extension, and could be GandCrab. "RUMBA" may potentially be the STOP ransomware.

Recovery of files encrypted by the latest versions of GandCrab are currently not possible.

It may be possible to recover files that were encrypted by the RUMBA variant of the STOP ransomware. Michael Gillespie updated his STOPDecrypter for this variant of STOP, however it only works if the ransomware was unable to contact its command and control servers when it encrypted your files. There is more information at the following link:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-31#entry4673086

Share this post


Link to post
Share on other sites

Thanks GT500,

 

i have tryed to decrypt the files. Some of them are okay now. They where only hit by RUMBA.

the other ones are as you suggested still not accessible.

I hope someone find a solution for this.

Share this post


Link to post
Share on other sites
7 hours ago, Tonyol said:

the other ones are as you suggested still not accessible.

I hope someone find a solution for this.

BitDefender may eventually be able to update their GandCrab decrypter to support GandCrab 5.1. Keep an eye on BleepingComputer's news feed, as they will almost certainly announce when that happens:
https://www.bleepingcomputer.com/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.