Recommended Posts

My PC has been infected with two ransomwares GANDCRAB 5.1 with an extension of ".cqkqeunj" and other one with an extension of ".adobe". I can't start my windows defender or any anti-virus program too. I am sending an attachment of an infected file along with ransom notes.

I got the "_openme.txt" ransom note with an ".adobe" extension before the "CQKQEUNJ-DECRYPT.txt" ransomware note with ".cqkqeunj" extension appeared.

Please help me with this.

CQKQEUNJ-DECRYPT.txt

msi_nb_gs75-stealth_photo08-100784753-large.jpg.adobe.cqkqeunj

_openme.txt.cqkqeunj

Share this post


Link to post
Share on other sites

That's definitely GandCrab:
https://id-ransomware.malwarehunterteam.com/identify.php?case=554eb9b22bda868bd51497640cd9d9116d071dde

Note that the ".adobe" before the ".cqkqeunj" more than likely means that the files were encrypted by a variant of STOP before they were encrypted by GandCrab.

There's currently no known way to decrypt files that have been encrypted by GandCrab without obtaining the private key from the criminals who made the ransomware. In theory BitDefender may eventually update their GandCrab decrypter to support version 5.1, however at the moment it is incapable of decrypting files encrypted by this newer version.

As for the ".adobe" extension, it may be decryptable. If you have any files with a name that ends in only ".adobe" and you have a ransom note for them that includes an ID number, then send me a private message with the ID number that's in the ransom note and I will see if decryption is possible.

Share this post


Link to post
Share on other sites

Thank you! But I have no separate file for the ".adobe" extension and its ransom note was also encrypted by the GandCrab ransomware.

The file "_openme.txt.cqkqeunj" was the ransom note for the STOP ransomware with ".adobe" extension, but was encrypted by GandCrab.

I even tried the BitDefender decrypter but it did not ran and said "Initialization Failed". If there is any other way please do send me the link for the decrypter.

Share this post


Link to post
Share on other sites
3 hours ago, Pranil Karna said:

If there is any other way please do send me the link for the decrypter.

Currently there's no known way to decrypt files that have been encrypted by GandCrab 5.1 without first obtaining the private key from the criminals who made/distributed the ransomware.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.