Gcahvv Ransomware

The Gcahvv Ransomware is a potent crypto locker, part of the Snatch ransomware family. As such, it displays many of the characteristics found in the Snatch Ransomware without incorporating any major deviation.

Still, Gcahvv possesses tremendous potential for destruction as it can encrypt a large array of filetypes with an uncrackable cryptographic algorithm. Victims of the threat will be locked out from using the infected device effectively, as they will no longer be capable of accessing the contents of any of their personal and business files. A telltale sign of Gcahvv's threatening activities is the appending of '.gcahvv' as a new extension to the original name of every file it has encrypted. The threat delivers its ransom note by dropping a text file named 'HOW TO RESTORE YOUR FILES.TXT' in all the folders that contain an encrypted file.

The note's instructions reveal that affected users are expected to initiate communication with the cybercriminals by sending an email to either of the two provided addresses, 'legalrestore@airmail.cc' or 'legalrestore@tutanota.com.' The hackers allow up to three files that are no bigger than 1MB to be attached to the email for free decryption. The ransom note doesn't mention the exact sum of the ransom demanded by the criminals or whether the sum must be paid in any of the popular cryptocurrencies. The ransom note makes a vague attempt to scare victims by claiming that if they do not establish contact within 48 hours, their data may be lost permanently.

The Gcahvv Ransomware's note states:

'Hello! All your files are encrypted and only we can decrypt them.

Contact us: legalrestore@airmail.cc or legalrestore@tutanota.com

Write us if you want to return your files - we can do it very quickly!

The header of letter must contain extension of encrypted files.

We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com).

Attention!

Do not rename or edit encrypted files: you may have permanent data loss.

Do not edit or delete any virtual machines files

To prove that we can recover your files, we am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups).

HURRY UP!

If you do not email us in the next 48 hours then your data may be lost permanently.'
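The indicators described above (the '.gcahvv' extension, the ransom note file name and the two contact addresses) can be used to scope the damage on a mounted volume or a backup copy. The Python script below is an added example, not code from the original article; the function names, the confidence labels and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators as given in the article.
ENCRYPTED_EXT = ".gcahvv"
NOTE_NAME = "HOW TO RESTORE YOUR FILES.TXT"
CONTACTS = ("legalrestore@airmail.cc", "legalrestore@tutanota.com")

def triage(root):
    """Return {folder: finding} for each folder under root showing an indicator (case-insensitive)."""
    findings = {}
    for folder, _subdirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = [f for f in files if f.upper() == NOTE_NAME]
        if not locked and not notes:
            continue
        note_matches = False
        for name in notes:
            try:
                text = Path(folder, name).read_text(errors="replace").lower()
            except OSError:
                continue  # unreadable note: keep the finding, skip the content check
            note_matches = note_matches or any(c in text for c in CONTACTS)
        findings[folder] = {
            "encrypted": locked,
            # The extension is appended, so stripping it gives the name to look up in backups.
            "originals": [f[: -len(ENCRYPTED_EXT)] for f in locked],
            "note_present": bool(notes),
            "note_matches_contacts": note_matches,
            "confidence": "high" if locked and notes else "low",
        }
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one stray file, one clean folder."""
    hit, stray, clean = Path(root, "finance"), Path(root, "tmp"), Path(root, "docs")
    for d in (hit, stray, clean):
        d.mkdir(parents=True)
    (hit / "budget.xlsx.gcahvv").write_bytes(b"\x00")
    (hit / NOTE_NAME).write_text("Contact us: legalrestore@airmail.cc")
    (stray / "notes.GCAHVV").write_bytes(b"\x00")
    (clean / "readme.txt").write_text("ok")
    return str(hit), str(stray), str(clean)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, finding in triage(tmp).items():
            print(folder, finding)
```

A folder that holds the extension without the note is reported at low confidence, since the article describes the note being dropped in every folder that contains an encrypted file.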
