Gac Ransomware

The Gac Ransomware is a potent crypto locker threat that has been determined to belong to the infamous and extremely prolific Dharma Ransomware family. Gac shows little deviation from the standard Dharma variant. Its most distinguishing aspects are the email addresses used as a communication channel and the unique extension it appends to the names of encrypted files.

The Gac Ransomware's encryption is strong enough to leave victims unable to access or use the files stored on the compromised computer system. Following the typical Dharma pattern, Gac also drastically changes the names of the files it affects: it appends a string of characters denoting the unique ID assigned to the particular victim, followed by an email address and, finally, '.gac' as a new extension. The email address is 'getacrypt@tuta.io.' Again following the behavior of typical Dharma-spawned ransomware, Gac delivers two distinct ransom notes. First, it drops text files named 'FILES ENCRYPTED.txt' in every folder containing encrypted data. The main note, however, is displayed in a pop-up window.

Opening the text files created by the threat gives affected users little useful information, as the text inside simply tells them to contact either the aforementioned 'getacrypt@tuta.io' or a secondary address, 'getacrypt@airmail.cc.' The pop-up window states that the reserve email address should be used only if victims do not receive an answer from the hackers within 12 hours of sending a message to the primary email. Several warnings are also listed: affected users should abstain from changing the names of the encrypted files or using any third-party solutions to try to decrypt them.

The full text found inside the 'FILES ENCRYPTED.txt' files is:

'all your data has been locked us

You want to return?

write email getacrypt@tuta.io or getacrypt@airmail.cc.'

The ransom note displayed in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link: email getacrypt@tuta.io YOUR ID 1E857D00

If you have not been answered via the link within 12 hours, write to us by email:getacrypt@airmail.cc

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
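One way to triage a file listing for the renaming pattern and the 'FILES ENCRYPTED.txt' notes described above, as an added example that is not part of the original page. The `id-` prefix and square brackets around the email are assumptions about the delimiters (the page gives only the order of the parts), and the sample paths and ID are constructed.

```python
import re
from pathlib import PureWindowsPath

NOTE_NAME = "files encrypted.txt"  # note file name from the page, lower-cased
# Assumed layout: <name>.id-<ID>.[<email>].gac -- the page gives only the order
# (ID, e-mail, '.gac'), so "id-" and the brackets are optional in the pattern.
RENAMED = re.compile(
    r"^(?P<original>.+?)\.(?:id-)?(?P<victim_id>[0-9A-F]{8})"
    r"\.\[?(?P<email>[^\[\]\s@]+@[^\[\]\s@]+?)\]?\.gac$",
    re.IGNORECASE,
)

def triage(paths):
    """Classify a file listing: renamed files, note folders, coverage gaps."""
    hits, note_dirs = [], set()
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
            continue
        m = RENAMED.match(p.name)
        if m:
            hits.append({"path": raw, "dir": str(p.parent), **m.groupdict()})
    hit_dirs = {h["dir"] for h in hits}
    return {
        "renamed": hits,
        "note_dirs": sorted(note_dirs),
        # The page says a note lands in every folder with encrypted data, so a
        # folder with renamed files but no note deserves a closer look.
        "dirs_without_note": sorted(hit_dirs - note_dirs),
        "victim_ids": sorted({h["victim_id"].upper() for h in hits}),
        "emails": sorted({h["email"].lower() for h in hits}),
    }

SAMPLE = [  # constructed listing, not taken from a real incident
    r"C:\Users\ana\Documents\report.docx.id-A1B2C3D4.[getacrypt@tuta.io].gac",
    r"C:\Users\ana\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\ana\Pictures\cat.jpg.id-A1B2C3D4.[getacrypt@tuta.io].gac",
    r"C:\Users\ana\Pictures\holiday.png",
    r"C:\Tools\model.gac",  # unrelated file that merely ends in .gac
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

The recovered `original` names and the set of victim IDs help scope which data was hit and whether more than one infection is present on shared storage.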
