Files encrypted by (.ACFJKSO extension) ransomware

Dear Team,

I am facing an issue with my windows 10 PC that some of my documents are renamed with '.ACFJKSO' extension. If I am trying to rename the file nothing is happening.

From these symptoms I realized that it is a Torjan- Ransom like CBT- Locker

Does any one have a proper solution for this problem?

Inside all folders there is one' .txt' file named as ACFJKSO-DECRYPT.txt. The content inside this test file is as below mentioned.  

---=    GANDCRAB V5.0.4  =--- 


***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************


*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****


Attention! 


All your files, documents, photos, databases and other important files are encrypted and have the extension: .ACFJKSO      


The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.



The server with your key is in a closed network TOR. You can get there by the following ways:


----------------------------------------------------------------------------------------


| 0. Download Tor browser - https://www.torproject.org/ 


| 1. Install Tor browser 

| 2. Open Tor Browser 

| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/aa26b055c8d83b98                        

| 4. Follow the instructions on this page 


----------------------------------------------------------------------------------------                    

    


On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. 



ATTENTION!


IN ORDER TO PREVENT DATA DAMAGE:


* DO NOT MODIFY ENCRYPTED FILES

* DO NOT CHANGE DATA BELOW

 

Question Info


Last updated March 31, 2019 Views 112 Applies to:
Answer
Answer

=================================================================================

EDIT Feb 19, 2019:

IMPORTANT UPDATE:

New free decryptor available for decryption of all GandCrab ransomware versions released since October 2018. GandCrab versions 1, 4 and up through 5.1

See here: https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/

Later EDIT:

Seems that some people are having troubles with the decryption of their files.

In case you too, you could email the Bitdefender guys. You'll find the respective link in the Feedback section of the decryptor tool. For more information please see this how-to guide.

================================================================================

See:

https://id-ransomware.blogspot.com/2018/09/gandcrab-5-ransomware.html

The following is a copied/pasted part from this post of quietman7 - MVP

=======================================================================

Any files that are encrypted with GandCrab V5.1+, like its predecessors, will also have a random 5-10 character extension appended to the end of the encrypted data filename.

Files encrypted by GandCrab V5.0.4+ are not decryptable without paying the ransom and obtaining the private key from the criminals who created the ransomware unless it is leaked or seized & released by authorities. These versions do not work with BitDefender's decryption tool (see here).

Malware Intelligence Analyst Marcelo Rivero has reported many new undecryptable versions...5.0.7 - 5.0.8 - 5.1.0 - 5.1.4 - 5.1.5 - 5.1.6. Unfortunately, there is no known method to decrypt files encrypted by GandCrab V5.0.4+ (V5.0.5 - V5.0.7 - V5.0.8 - V5.0.9) and all the latest versions of GandCrab V5.1+ (V5.1.0 - V5.1.4 - V5.1.5 - V5.1.6) since the decryption tool will not work on any versions from V5.0.4 and beyond at this time.

Bitdefender confirmed it's not decryptable and the company posted the following note at the top of the decryption tool download page.

QUOTE

READ THIS BEFORE DOWNLOADING: this tool does not work for users infected with GandCrab version 5.0.4 and newer. GandCrab version 5.0.4 is currently undecryptable and running this tool on a computer infected by this version will result in Initialization Error.

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus and untrustworthy removal/decryption guides.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

GandCrab Ransomware Help & Support Topic (.GDCB, .CRAB & CRAB-DECRYPT.txt)

=================================================================================

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.