
GhostCrypt Ransomware

By GoldSparrow in Ransomware

The GhostCrypt Ransomware is a ransomware encryption Trojan that pretends to be the CryptoLocker Ransomware, a well-known encryption ransomware infection. In fact, the GhostCrypt Ransomware is a less severe infection and, fortunately, a decryption utility has been developed by PC security analysts. The GhostCrypt Ransomware changes the encrypted files' extensions to '.Z81928819' after encrypting them using its encryption algorithm. The GhostCrypt Ransomware demands a ransom payment of two Bitcoins. With most encryption ransomware infections, recovery is not possible, and computer users need to restore the encrypted files from a backup after deleting the contents of their hard drive. However, in the case of the GhostCrypt Ransomware, it is possible to decrypt the encrypted files with the help of an available decryption utility. This case is out of the ordinary; PC security analysts strongly advise computer users to back up all of their files regularly to avoid becoming a victim of the GhostCrypt Ransomware and other ransomware Trojans.

How Con Artists may Distribute the GhostCrypt Ransomware and Similar Threats

Most encryption ransomware threats, including the GhostCrypt Ransomware, may be distributed through spam email messages. Victims may receive email messages that appear to come from a shipping company like DHL or FedEx and that supposedly include an invoice or tracking attachment. The file attachment or embedded link may be corrupted, installing the GhostCrypt Ransomware on the victims' computers as soon as they click on it. When the GhostCrypt Ransomware enters the victim's computer, it uses its encryption algorithm to encrypt the victim's files.

How the GhostCrypt Ransomware Attack Works

The GhostCrypt Ransomware attack is not unlike that of most other encryption ransomware Trojans: the GhostCrypt Ransomware scans the victim's hard drive for files that it can encrypt and then uses its encryption algorithm to encrypt them. Fortunately, the encryption used by the GhostCrypt Ransomware is not particularly difficult to crack, and PC security analysts have released a decryption utility. This is why, perhaps, the GhostCrypt Ransomware impersonates CryptoLocker, a more threatening ransomware Trojan that is well-known and for which there is no decryption utility available. The following are the file formats targeted by the GhostCrypt Ransomware:

.asp, .aspx, .avi, .bk, .bmp, .css, .csv, .divx, .doc, .docx, .eml, .htm, .html, .index, .jpeg, .jpg, .lnk, .mdb, .mkv, .mov, .mp3, .mp4, .mpeg, .msg, .odt, .ogg, .pdf, .php, .png, .ppt, .pptx, .psd, .rar, .sln, .sql, .txt, .wav, .wma, .wmv, .xls, .xlsx, .xml, .zip

After encrypting the victim's files, the GhostCrypt Ransomware changes their extensions and delivers ransom notes in the form of text, HTML, and image files in the directories where it has encrypted files. The GhostCrypt Ransomware displays pop-up messages and changes the victim's Desktop image into a ransom note as well. PC security analysts have linked the following ransom note to the GhostCrypt Ransomware attacks (note how the ransom note claims that the attack was carried out by CryptoLocker):

Files have been encrypted by CryptoLocker.
In order to get hands on your files again and decrypt them you must pay 2 BTC (Bitcoin).
You must complete the following steps:
1. Android users must download the application called Bitcoin Wallet. iOS users must download the application called Copay.
2. After you register and receive a Bitcoin account you must buy 2 BTC (BitCoins) in order to load your account.
3. You must than send the BitCoins bought to one of the following accounts.
Accounts:
1. 19YWTHeSf1c4a2j1YNPTb3VCJn5ee21GRX
2. 1546jBPBRnR4NVrCZzVm7NtaH8FMQEy9mQ
Once we will receive the payment the decryption key will be issued to you and your files will be decrypted.
For more information please visit: https://goo.gl/wDhp4J
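
The two indicators described above, the '.Z81928819' extension and the opening line of the ransom note, can be checked for when triaging a suspect machine or file share. The following is an added example, not part of the original article or of any vendor tool; the note file suffixes, the size limit, UTF-8 note encoding, and the sample file names are assumptions.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".z81928819"  # '.Z81928819' from the article, lowercased for matching
NOTE_MARKER = "files have been encrypted by cryptolocker"  # first line of the quoted note
NOTE_SUFFIXES = (".txt", ".htm", ".html")  # assumption: suffixes of text/HTML notes
MAX_NOTE_BYTES = 64 * 1024  # assumption: ransom notes are small files

def triage(root):
    """Return (renamed-file count per directory, sorted ransom-note paths)."""
    renamed, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                renamed[dirpath] += 1
            elif lower.endswith(NOTE_SUFFIXES):
                try:
                    if os.path.getsize(path) > MAX_NOTE_BYTES:
                        continue
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        if NOTE_MARKER in fh.read().lower():
                            notes.append(path)
                except OSError:
                    continue  # unreadable or vanished file: skip it
    return renamed, sorted(notes)

def affected_dirs(root):
    """Directories holding both renamed files and a note, as the article describes."""
    renamed, notes = triage(root)
    note_dirs = {os.path.dirname(p) for p in notes}
    return sorted(d for d in renamed if d in note_dirs)

def build_sample(root):
    """Constructed sample tree (not real malware output) for a dry run."""
    docs, pics = os.path.join(root, "docs"), os.path.join(root, "pics")
    for d in (docs, pics):
        os.makedirs(d)
    for rel in ("docs/report.Z81928819", "docs/q3.Z81928819", "pics/cat.jpg"):
        open(os.path.join(root, *rel.split("/")), "wb").close()
    with open(os.path.join(docs, "READ_ME.txt"), "w", encoding="utf-8") as fh:  # hypothetical name
        fh.write("Files have been encrypted by CryptoLocker.\nYou must pay 2 BTC (Bitcoin).\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(dict(triage(tmp)[0]), affected_dirs(tmp))
```

Run `triage()` against a mounted copy or a backup snapshot rather than the live system, so that the listing of affected directories can guide which files to hand to the decryption utility or restore from backup.
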

Preventing the GhostCrypt Ransomware Attacks

The best way to limit the damage from ransomware encryption Trojan attacks is to back up all files regularly. Having a backup on an external memory device or the cloud can allow computer users to wipe their hard drive and recover their files without having to pay the ransom amount. Computer users should also avoid opening unsolicited email messages, attachments, or links to avoid becoming infected with the GhostCrypt Ransomware or any of the many other ransomware Trojans that are typically delivered using spam email.
