Green_Ray Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 77
First Seen: May 31, 2016
OS(es) Affected: Windows

The Green_Ray Ransomware is a clone of the Mahasaraswati and the JohnyCryptor Ransomware. PC security analysts have determined that the Green_Ray Ransomware is designed to force inexperienced computer users into paying a ransom to recover their files. The Green_Ray Ransomware takes the victim's files hostage by encrypting them using an advanced encryption method. The Green_Ray Ransomware seems to target computer users in India and has an india.com email address, like the other ransomware Trojans that have been associated with this particular group. The Green_Ray Ransomware's ransom note is particularly short, just as with its clones. A simple message instructs the victim to contact the con artists operating the Green_Ray Ransomware at a particular email address. PC security analysts strongly advise computer users to avoid paying the Green_Ray Ransomware's ransom, since there is no guarantee that these people will restore the victim's files. Instead, they should restore files encrypted by the Green_Ray Ransomware from a backup location.

How the Green_Ray Ransomware and Similar Threats may Attack Your Computer

The Green_Ray Ransomware's harmful executable file may be spread via spam email attachments, although these threats can be delivered through any number of typical delivery methods. When the Green_Ray Ransomware enters a computer, it changes the computer's settings so that it runs automatically when the affected computer starts up. The Green_Ray Ransomware encrypts the victim's files, deletes the Shadow Volume Copies of any encrypted file, and drops ransom notes in the form of text files in the directories where the files were encrypted. The Green_Ray Ransomware also changes the affected computer's Desktop wallpaper image to display its ransom note. The text files the Green_Ray Ransomware drops are named 'How to decrypt your files.txt,' containing the following text over a colorful landscape:

To decrypt your data write me to the Green_Ray@india.com

After contacting the email address in the ransom note, PC security analysts observed the following response:

Good morning, dear friend!
We are writing to inform you that our team of network security specialists has analyzed your system and has identified vulnerabilities in the protection.
We kindly draw your attention that defensive operation on your computer is not running properly and now the whole database is at risk.
All your files are encrypted and can not be accepted back without our professional help.
Obviously vulnerability analysis, troubleshooting, decoding the information and then ensuring safety are not a simple matter.
And so our high-grade and quick service is not free.
Please note that today the price of your files recovery is 3 Bitcoins, but next day it will cost 5 Bitcoins.
You should buy bitcoins here https://localbitcoins.com/faq
Read the paragraphs:
1. How to buy Bitcoins?
2. How do I send Bitcoins and how can I pay with Bitcoins after buying them?
The Bitcoin wallet for payment is 1DGMeKSALSkYGkedYDUgcvV8mP77WEGusQ
After the transfer of bitcoins please send email with screenshot of the payment page.
We does not advise you to lose time, because the price will encrese with each passing day.
As proof of our desire and readiness to help you, we can decipher a few of your files for test.
To check this you can upload any encrypted file on web site dropmefiles.com, size no more than 10 MB (only text file or a photo) and send us a download link.
Certainly after payment we guarantee prompt solution of the problem, decrypt the database to return to its former condition and consultation how to secure the rules of the system safety.
Kind regards, Green Ray

Note that in this message the people behind the Green_Ray Ransomware attack pretend to be helping you protect your computer. The ransom that the Green_Ray Ransomware attacks force computer users to pay is high when compared to other, similar threats.

Dealing with the Green_Ray Ransomware and Similar Threats

It may not currently be possible to decrypt files encrypted by the Green_Ray Ransomware without access to the decryption key. Because of this, it will be necessary for computer users to restore these files from a backup location. Malware analysts advise computer users to disconnect a computer infected with the Green_Ray Ransomware from the Internet or network immediately to prevent the Green_Ray Ransomware infection from spreading within a network. The use of a reliable security program that is fully up-to-date, together with standard backup procedures, can help make computer users impervious to the Green_Ray Ransomware and similar attacks.

File System Details

Green_Ray Ransomware may create the following file(s):
# File Name MD5 Detections
1. Payload_c.exe 2245551ce293e2c6967786b91710a52b 45
2. Payload(100).exe df7a135cf879b755eafff7cb12cf5f36 16
3. Payload00.exe c4f355599f71d98f49a377c5fec2d909 16
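
For scoping an incident, the following Python script (an added example, not part of the original entry and not the vendor's tooling) walks a directory tree and reports the directories that hold the 'How to decrypt your files.txt' note described above, the notes that name the Green_Ray@india.com contact address, and any .exe file whose MD5 matches the three listed in the table. The function names and the choice to hash only .exe files are assumptions of this example.

```python
import hashlib
import os

# Indicators taken from this page.
NOTE_NAME = "how to decrypt your files.txt"
CONTACT = b"green_ray@india.com"
PAGE_MD5S = {
    "2245551ce293e2c6967786b91710a52b",
    "df7a135cf879b755eafff7cb12cf5f36",
    "c4f355599f71d98f49a377c5fec2d909",
}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks. MD5 is used only because the page lists MD5s."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, known_md5s=PAGE_MD5S):
    """Return (note_dirs, confirmed_notes, payload_hits) for the tree under root."""
    note_dirs, confirmed, payloads = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower() == NOTE_NAME:
                    note_dirs.append(dirpath)  # directory was likely encrypted
                    with open(path, "rb") as fh:
                        # Drop NUL bytes so a UTF-16 note still matches.
                        head = fh.read(4096).replace(b"\x00", b"").lower()
                    if CONTACT in head:
                        confirmed.append(path)
                elif name.lower().endswith(".exe") and md5_of(path) in known_md5s:
                    payloads.append(path)
            except OSError:
                continue  # locked or unreadable file: skip it and keep scanning
    return sorted(note_dirs), sorted(confirmed), sorted(payloads)


if __name__ == "__main__":
    import sys
    dirs, notes, hits = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("directories with ransom note:", dirs)
    print("notes naming the contact address:", notes)
    print("files matching listed MD5s:", hits)
```

A note with the right file name but without the contact address is still reported in the first list, since clones of this family reuse the note name with a different address.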
