Guster Ransomware
The Guster Ransomware is a ransomware Trojan that is used to force computer users to pay large amounts of money. The Guster Ransomware is an encryption ransomware Trojan, meaning that it will encrypt the victim's files to block access to their content. The Guster Ransomware takes the victim's files hostage until the victim pays a ransom. Although the Guster Ransomware is considered a threat, it is fortunate that there are currently decryption utilities available to help computer users recover from attacks by the Guster Ransomware's family of ransomware.
There’s not a Decryptor for the Files Encrypted by the Guster Ransomware Trojan Yet
When the Guster Ransomware infects a computer, it prevents victims from accessing their files. The Guster Ransomware scans the victim's hard drive in search of files with certain extensions. The Guster Ransomware will then use a strong encryption algorithm to encrypt each of the files it finds. The files encrypted by the Guster Ransomware will no longer be accessible. The Guster Ransomware identifies the files that have been encrypted by changing their extensions to '.locked'. The Guster Ransomware is a variant of HiddenTear, an open source ransomware engine that was released for educational purposes. Fortunately, the author of HiddenTear made the encryption algorithm vulnerable, meaning that it has been possible for PC security researchers to release decryption programs to help computer users recover from attacks involving HiddenTear variants. Computer users affected by a Guster Ransomware infection can recover their files by using one of these decryption applications.
The Guster Ransomware and Its Relationship with the HiddenTear Family of Threats
In most cases, HiddenTear variants of ransomware will deliver their ransom note in the form of a text note that is dropped on the victim's computer. However, the Guster Ransomware uses a somewhat more advanced approach that is more associated with screen locker ransomware. After the Guster Ransomware finishes encrypting the victim's files, the Guster Ransomware displays a window containing a short ransom message over a black background and with some small images. According to the message, the victim's files were encrypted with a 'military-grade encryption.' The Guster Ransomware uses a VBS script to play audio of the message, demanding that the victim pay a ransom of 0.4 BitCoin in exchange for the decryption key (approximately $300 USD at the current exchange rate). Curiously, even though the Guster Ransomware demands payment through BitCoins, the ransom note does not provide a BitCoin wallet to the victim. The Guster Ransomware demands that the victim contact the con artists at the email nucklearsupport@yandex.ru to receive further instructions. The email should include a unique ID number that is listed in the ransom message. One would presume that after contacting the email address, victims of the Guster Ransomware will receive the BitCoin wallet address for payment purposes.
Dealing with a Guster Ransomware Infection
The Guster Ransomware ransom note includes threatening language claiming that the decryption key will expire after a certain time, including a timer to cause computer users to panic. This is not true, and computer users should rest easy regarding the timer in the Guster Ransomware ransom note. Fortunately, since the decryption key is available freely, PC security researchers strongly recommend that computer users avoid making this ransom payment. Even if a decryption key were not available (as is the case with numerous ransomware Trojans), computer users should still refrain from paying these ransoms. The people associated with these attacks may ignore the victims, ask for more money, or deliver a decryption program that simply does not work. Paying the ransom for these attacks supports the creators of ransomware, allowing them to create further attacks.
After restoring the files using the decryption program, PC security researchers strongly advise computer users to run a full scan of their computers using a reliable security program that is fully up-to-date. Steps should be taken to back up all files to prevent future attacks.
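Before running a decryption program, it helps to know how many files were affected and where. The following triage script is an added example, not code from this page or from any decryptor: it inventories files carrying the '.locked' extension described above and flags any `.exe` whose MD5 matches the one listed under File System Details. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".locked"  # extension the page says Guster gives encrypted files
SAMPLE_MD5 = "ec2a8d8f7853397f86a4c96fdbe01b19"  # MD5 this page lists for file.exe

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root):
    """Return (locked files per directory, (first, last) mtime, MD5 matches)."""
    per_dir, mtimes, hits = Counter(), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower().endswith(LOCKED_EXT):
                    per_dir[dirpath] += 1
                    # Assumption: mtime reflects when the file was rewritten.
                    mtimes.append(os.path.getmtime(path))
                elif name.lower().endswith(".exe") and md5_of(path) == SAMPLE_MD5:
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip and keep scanning
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return per_dir, window, hits

def demo():
    """Run triage over a small constructed tree (no real samples involved)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for n in ("report.locked", "photo.LOCKED", "notes.txt"):
            with open(os.path.join(docs, n), "wb") as fh:
                fh.write(b"x")
        with open(os.path.join(root, "setup.exe"), "wb") as fh:
            fh.write(b"benign")  # constructed file; does not match SAMPLE_MD5
        per_dir, window, hits = triage(root)
        return sum(per_dir.values()), len(per_dir), window is not None, hits

if __name__ == "__main__":
    print(demo())
```

A single MD5 identifies only one sample, so an empty match list does not show the system is clean; the full scan recommended above is still needed.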
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | ec2a8d8f7853397f86a4c96fdbe01b19 | 0 |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.