Recommended Posts

My PC has been infected with two ransomwares GANDCRAB 5.1 with an extension of ".cqkqeunj" and other one with an extension of ".adobe". I can't start my windows defender or any anti-virus program too. I am sending an attachment of an infected file along with ransom notes.

I got the "_openme.txt" ransom note with an ".adobe" extension before the "CQKQEUNJ-DECRYPT.txt" ransomware note with ".cqkqeunj" extension appeared.

Please help me with this.

CQKQEUNJ-DECRYPT.txt

msi_nb_gs75-stealth_photo08-100784753-large.jpg.adobe.cqkqeunj

_openme.txt.cqkqeunj

Share this post


Link to post
Share on other sites

That's definitely GandCrab:
https://id-ransomware.malwarehunterteam.com/identify.php?case=554eb9b22bda868bd51497640cd9d9116d071dde

Note that the ".adobe" before the ".cqkqeunj" more than likely means that the files were encrypted by a variant of STOP before they were encrypted by GandCrab.

There's currently no known way to decrypt files that have been encrypted by GandCrab without obtaining the private key from the criminals who made the ransomware. In theory BitDefender may eventually update their GandCrab decrypter to support version 5.1, however at the moment it is incapable of decrypting files encrypted by this newer version.

As for the ".adobe" extension, it may be decryptable. If you have any files with a name that ends in only ".adobe" and you have a ransom note for them that includes an ID number, then send me a private message with the ID number that's in the ransom note and I will see if decryption is possible.

Share this post


Link to post
Share on other sites

Thank you! But I have no separate file for the ".adobe" extension and its ransom note was also encrypted by the GandCrab ransomware.

The file "_openme.txt.cqkqeunj" was the ransom note for the STOP ransomware with ".adobe" extension, but was encrypted by GandCrab.

I even tried the BitDefender decrypter but it did not ran and said "Initialization Failed". If there is any other way please do send me the link for the decrypter.

Share this post


Link to post
Share on other sites
3 hours ago, Pranil Karna said:

If there is any other way please do send me the link for the decrypter.

Currently there's no known way to decrypt files that have been encrypted by GandCrab 5.1 without first obtaining the private key from the criminals who made/distributed the ransomware.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.