
Guster Ransomware

By GoldSparrow in Ransomware

The Guster Ransomware is a ransomware Trojan that is used to force computer users to pay large amounts of money. The Guster Ransomware is an encryption ransomware Trojan, meaning that it will encrypt the victim's files to block access to their content. The Guster Ransomware takes the victim's files hostage until the victim pays a ransom. Although the Guster Ransomware is considered a threat, it is fortunate that there are currently decryption utilities available to help computer users recover from attacks by the Guster Ransomware's family of ransomware.

There’s not a Decryptor for the Files Encrypted by the Guster Ransomware Trojan Yet

When the Guster Ransomware infects a computer, it prevents victims from accessing their files. The Guster Ransomware scans the victim's hard drive in search of files with certain extensions. The Guster Ransomware will then use a strong encryption algorithm to encrypt each of the files it finds. The files encrypted by the Guster Ransomware will no longer be accessible. The Guster Ransomware identifies the files that have been encrypted by changing their extensions to '.locked'. The Guster Ransomware is a variant of HiddenTear, an open-source ransomware engine that was released for educational purposes. Fortunately, the author of HiddenTear made the encryption algorithm vulnerable, meaning that it has been possible for PC security researchers to release decryption programs to help computer users recover from attacks involving HiddenTear variants. Computer users affected by a Guster Ransomware infection can recover their files by using one of these decryption applications.

The Guster Ransomware and Its Relationship with the HiddenTear Family of Threats

In most cases, HiddenTear variants of ransomware will deliver their ransom note in the form of a text note that is dropped on the victim's computer. However, the Guster Ransomware uses a somewhat more advanced approach that is more associated with screen locker ransomware. After the Guster Ransomware finishes encrypting the victim's files, it displays a window containing a short ransom message over a black background, along with some small images. According to the message, the victim's files were encrypted with 'military-grade encryption.' The Guster Ransomware uses a VBS script to play audio of the message, demanding that the victim pay a ransom of 0.4 Bitcoin in exchange for the decryption key (approximately $300 USD at the current exchange rate). Curiously, even though the Guster Ransomware demands payment in Bitcoin, the ransom note does not provide a Bitcoin wallet to the victim. The Guster Ransomware demands that the victim contact the con artists at the email nucklearsupport@yandex.ru to receive further instructions. The email should include a unique ID number that is listed in the ransom message. One would presume that after contacting the email address, victims of the Guster Ransomware will receive the Bitcoin wallet address for payment purposes.

Dealing with a Guster Ransomware Infection

The Guster Ransomware ransom note includes threatening language claiming that the decryption key will expire after a certain time, including a timer to cause computer users to panic. This is not true, and computer users should rest easy regarding the timer in the Guster Ransomware ransom note. Fortunately, since the decryption key is available freely, PC security researchers strongly recommend that computer users avoid making this ransom payment. Even if a decryption key were not available (as is the case with numerous ransomware Trojans), computer users should still refrain from paying these ransoms. The people associated with these attacks may ignore the victims, ask for more money, or deliver a decryption program that simply does not work. Paying the ransom for these attacks supports the creators of ransomware, allowing them to create further attacks.

After restoring the files using the decryption program, PC security researchers strongly advise computer users to run a full scan of their computers using a reliable security program that is fully up-to-date. Steps should be taken to back up all files to prevent future attacks.


File System Details

Guster Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe ec2a8d8f7853397f86a4c96fdbe01b19 0
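
The two indicators this page gives (the '.locked' extension and the MD5 listed above) can be used to scope an affected machine before running a decryptor. The following triage script is an added example, not code from the original article or from any security vendor; the function names and the choice to hash only `.exe` files are assumptions made for illustration.

```python
import hashlib
import os
import sys
from collections import Counter

# Indicators taken from this page: the extension given to encrypted files and
# the MD5 listed under "File System Details".
LOCKED_EXT = ".locked"
KNOWN_MD5 = frozenset({"ec2a8d8f7853397f86a4c96fdbe01b19"})
EXECUTABLE_EXTS = {".exe"}  # assumption: only .exe files are hashed


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 (indicator matching only, not integrity)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5):
    """Return (locked files per directory, hash matches, unreadable paths)."""
    locked, hits, unreadable = Counter(), [], []
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == LOCKED_EXT:
                locked[dirpath] += 1  # scopes which folders need the decryptor
            elif ext in EXECUTABLE_EXTS:
                try:
                    if md5_of(path) in known_md5:
                        hits.append(path)
                except OSError:
                    unreadable.append(path)  # in use or permission denied
    return locked, hits, unreadable


if __name__ == "__main__":
    locked, hits, unreadable = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, count in locked.most_common():
        print(f"{count:6d} {LOCKED_EXT} files in {folder}")
    for path in hits:
        print(f"MD5 match: {path}")
    print(f"{len(unreadable)} paths could not be read")
```

A '.locked' file name is a triage signal rather than proof of this particular threat, and the hash check only matches the one sample listed on this page.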
