Gachimuchi Ransomware

The Gachimuchi Ransomware is a threat that can be used in financially motivated attack operations. Threat actors can deploy the malware on breached devices and use it to lock their victims' data. The targeted file types are encrypted with an uncrackable cryptographic algorithm that leaves them in an unusable state. The cybercriminals then extort the impacted organizations or computer users. Typically, the attackers promise to send the required decryption key once a hefty ransom has been paid.

The most obvious sign of a Gachimuchi Ransomware infection is the change to the original names of the locked files. The threat generates a LaunchID string for each victim and appends it to the names of the encrypted files. The string is followed by 'BillyHerrington' and, finally, by '.Gachimuchi' as a new file extension. A ransom note is also delivered to the breached device. The malware places it inside a newly created text file named '#HOW_TO_DECRYPT#.txt'.

Ransom Note's Details

Like most messages left by ransomware threats, this one is mainly concerned with telling victims how to establish contact with the attackers. The operators of the Gachimuchi Ransomware can apparently be reached through several different communication channels. First, they mention a Skype account named 'Gachimuchi DECRYPTION'. If that doesn't work, victims can try an ICQ account at '@Gachimuchi'. The ransom note also gives an email address, 'gachimuchi@onionmail.org', that is supposed to be used only if the first two methods fail. In addition, the cybercriminals state that they are willing to decrypt a couple of files for free as a demonstration that they can restore the data of their victims.

The full text of the note is:

'ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!

Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.

Any attempts to restore your files with the third party software will be fatal for your files!

To receive the private key and decryption program follow the instructions below:

Write to our skype - Gachimuchi DECRYPTION
Also you can write ICQ live chat which works 24/7 @Gachimuchi
Install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @Gachimuchi hxxps://icq.im/Gachimuchi
If we not reply in 6 hours you can write to our mail but use it only if previous methods not working - gachimuchi@onionmail.org

Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of them
We respect your time and waiting for respond from your side
tell your MachineID: and LaunchID:
'
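A triage sketch built on the indicators described above (the '.Gachimuchi' extension, the 'BillyHerrington' marker, the '#HOW_TO_DECRYPT#.txt' note and its contact strings), added here as an example and not taken from the original page or any vendor tool. It summarises hits per directory so responders can scope which locations were affected; the separator handling and the sample file names, including the LaunchID value, are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators from the article and the quoted ransom note (compared in lower case).
EXTENSION = ".gachimuchi"
MARKER = "billyherrington"
NOTE_NAME = "#how_to_decrypt#.txt"
NOTE_STRINGS = ("gachimuchi decryption", "gachimuchi@onionmail.org", "icq.im/gachimuchi")

def classify(name):
    """Return 'note', 'encrypted', 'extension_only' or None for a file name."""
    lower = name.lower()
    if lower == NOTE_NAME:
        return "note"
    if not lower.endswith(EXTENSION):
        return None
    # Assumption: the separator before the extension is unknown, so punctuation is tolerated.
    stem = lower[: -len(EXTENSION)].rstrip("._- ")
    return "encrypted" if stem.endswith(MARKER) else "extension_only"

def note_matches(path):
    """Count how many contact strings from the quoted note occur in the file."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read(65536).lower()
    return sum(s in text for s in NOTE_STRINGS)

def scan(root):
    """Walk root and summarise indicator hits per directory for incident scoping."""
    report = defaultdict(lambda: {"encrypted": 0, "extension_only": 0, "note_hits": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind == "note":
                report[dirpath]["note_hits"] = note_matches(os.path.join(dirpath, name))
            elif kind:
                report[dirpath][kind] += 1
    return dict(report)

def build_sample(root):
    """Constructed sample files; the LaunchID value and separators are made up."""
    for name in ("a.docx.SAMPLE-ID.BillyHerrington.Gachimuchi", "b.xlsx.Gachimuchi", "c.txt"):
        open(os.path.join(root, name), "w").close()
    with open(os.path.join(root, "#HOW_TO_DECRYPT#.txt"), "w") as fh:
        fh.write("Write to our skype - Gachimuchi DECRYPTION\nmail - gachimuchi@onionmail.org\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample(tmp)))
```

A directory reported with `extension_only` hits but no marker or note is a weaker match and is worth checking by hand before it is counted as affected.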
