Question Regarding Malware Samples

Aerdian (thread author)
Jun 3, 2018
I have more recently gotten into malware analysis (the last 4-5 months) and I had a few questions about finding and downloading malware samples.

I download samples to analyze the malware, test AV programs and see how the detection ratios are. Then, I send any samples that are malicious that weren't caught to the AV company. That said, I am not using the samples in a malicious way, far more in a beneficial way. However, since I'm sure some bad, illegitimate people go download the same malware samples with the intent of using them to infect others or using them to learn how malware works so they can make their own, is there anything wrong with downloading malware samples? Do governments put malware analysts on "watchlists" or whatever list possibly suspicious people go onto since they are downloading malware?

Since there are a lot of malware analysts on this forum and I know that many do not work professionally for an AV company, I'm guessing that it's entirely fine, but I just wanted to check on that :)

Thanks!
 
Aerdian- You are fine legally. As you are downloading the malware probably from some malware repository, they (the malware) already would be considered Public domain (not copyrighted, obviously). And if you share these anywhere, plopping them in a password protected archive ("infected" or "malware") will protect you from any "Intent To Harm" charge.

However as you go on, if you ever code something novel yourself (true zero day FUD)- Never Ever (never ever) share the code with anyone! Even in contacting a Vendor do NOT use the traditional submission pathway nor include the malware itself. Preferred method of submission is explaining the mechanism of attack and why the malware breached the product (needed in case the folk receiving it are idiots); the proper email would be security@whatevervendor.com (normally this is the email address for exploits and zero day stuff).

Finally, if you ever get to the point where you code something and feel like presenting the next best thing in malware at a Conference, Do Not Do It. You would be proof from Legal Action, but not from Guilt when similar things show up in a month.
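The two lab habits the reply above leans on (share samples only inside a password-protected archive, and reference a sample by its hash rather than mailing the file to a vendor) can be checked mechanically before anything leaves your machine. The following is an added example, not code from the thread; the function names `sha256_hex`, `archive_report` and `build_plain_archive` are my own, and the archive it inspects is constructed in memory from harmless placeholder bytes. It reads the ZIP central directory and rejects any archive in which a member lacks the encryption flag, which is the case the "infected" convention exists to prevent.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """Hash to quote in a report to a vendor, instead of attaching the sample itself."""
    return hashlib.sha256(data).hexdigest()


def archive_report(zip_bytes: bytes) -> dict:
    """Inspect a ZIP before it leaves the lab.

    In the ZIP format, bit 0 of each member's general-purpose flag is set when
    that member is encrypted. A sample archive is only acceptable to share if
    every member has it set: an unencrypted member can be extracted and run by
    accident, or detonated by a mail scanner, without the agreed password.
    """
    report = {"members": [], "all_encrypted": True}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            report["members"].append(
                {"name": info.filename, "size": info.file_size, "encrypted": encrypted}
            )
            if not encrypted:
                report["all_encrypted"] = False
    return report


def build_plain_archive(name: str, payload: bytes) -> bytes:
    """Build an *unencrypted* ZIP in memory (the stdlib can read but not write
    encrypted ones). This is exactly the kind of archive the check should reject."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed placeholder standing in for a sample; not a real file from any repository.
SAMPLE = b"constructed placeholder bytes, not a real sample\n"

if __name__ == "__main__":
    archive = build_plain_archive("sample.bin", SAMPLE)
    rep = archive_report(archive)
    print("sha256 of sample:", sha256_hex(SAMPLE))
    for m in rep["members"]:
        print(f"{m['name']}: {m['size']} bytes, encrypted={m['encrypted']}")
    print("safe to share:", rep["all_encrypted"])
```

Run as-is it reports `safe to share: False`, because the constructed archive is unencrypted; an archive produced with a password by 7-Zip or `zip -P` carries bit 0 on every member and passes. The flag check reads only metadata, so it does not need the password and never extracts the member.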
 
My laptop is infected with GANDCRAB V5.0.4 ransomware and all files are encrypted.
The extensions of all my files on the laptop, including big video files (.doc, .jpg, .txt, .mp4 etc.), have been changed to .psqak and the files cannot be opened.
Please let me know how to clean this. I've scanned with the GridinSoft Anti-Malware tool and removed the infection, but it still didn't decrypt my files.
Will a system restore work?
So let me know how to recover my files. Please contact me at the email below if there are any safe recovery methods.

Sree
sreeroopkt@gmail.com
 
See the following: Malware Removal Assistance For Windows
 
I don't know if there is a decrypter for that ransomware.
I doubt a local system restore will work; the best solution in these cases is to have a previous backup of your files on an offline, external storage device.
 
Download the decryption tools here: The No More Ransom Project