Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 9 subscribers
  • Views 26586 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I get GrandCrab Ramsonware v2.0

Eduardo Velazquez

Hello, yesterday i get the GrandCrab Ramsonware and encrypte all my files, y use Sophos Endpoint and Control

¿Anyone have a tool or how can i clean and restore my files?

Grettings!



This thread was automatically locked due to age.
Parents
  • 0

    Hello Eduardo, 

    Sorry to hear your have been hit by GandCrab, unfortunately there is no known way to decrypt the files (other than paying the ransom which we don't recommend). Restoring from backups is the best option if you have them.

    Which product are you using exactly, is it the endpoint protection managed via the Sophos Enterprise Console? If you have the Exploit Prevention license it includes CryptoGuard anti-ransomware protection which automatically stops GandCrab. This is also available in the Intercept X product.

    If you raise a ticket with Support we can check your settings to ensure everything is enabled correctly. 

  • 0 in reply to PeterM

    We noticed in our tests before that Intercept X stops the threat pre-execution and with CryptoGuard. 

Reply Children
No Data
Unfiltered HTML