This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I get GrandCrab Ramsonware v2.0

Hello, yesterday i get the GrandCrab Ramsonware and encrypte all my files, y use Sophos Endpoint and Control

¿Anyone have a tool or how can i clean and restore my files?

Grettings!



This thread was automatically locked due to age.
Parents
  • Hello Eduardo, 

    Sorry to hear your have been hit by GandCrab, unfortunately there is no known way to decrypt the files (other than paying the ransom which we don't recommend). Restoring from backups is the best option if you have them.

    Which product are you using exactly, is it the endpoint protection managed via the Sophos Enterprise Console? If you have the Exploit Prevention license it includes CryptoGuard anti-ransomware protection which automatically stops GandCrab. This is also available in the Intercept X product.

    If you raise a ticket with Support we can check your settings to ensure everything is enabled correctly. 

  • We noticed in our tests before that Intercept X stops the threat pre-execution and with CryptoGuard. 

Reply Children
No Data