
Genocheats Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: January 9, 2018
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Genocheats Ransomware is an encryption ransomware Trojan based on HiddenTear, an open-source ransomware project whose code has been reused in countless variants in recent years. The Genocheats Ransomware is delivered to victims disguised as a cracked copy of Adobe Photoshop or of Minecraft. Pirated software is a common lure used to trick computer users into downloading and installing threats like the Genocheats Ransomware. The Genocheats Ransomware follows the usual pattern for this kind of attack: it uses AES encryption to make the victim's files inaccessible and then demands a ransom in exchange for decrypting them. An encrypted file is easy to recognize because the Genocheats Ransomware renames it, appending the file extension '.encrypted' to every file affected by the attack. The Genocheats Ransomware also changes the infected computer's desktop wallpaper and drops a text file named 'READ_IT.txt' on the desktop to deliver its ransom note.

How the Genocheats Ransomware may Enter a Computer and Infect It

The Genocheats Ransomware has two variants, one with a ransom message written in Italian and the other with a message in English. It demands a small ransom, approximately 10 USD in Bitcoin, in exchange for the decryption key. However, several aspects of the Genocheats Ransomware suggest that it is unfinished, and victims cannot count on the people responsible for the attack to keep their promise and help them recover their files. The encryption the Genocheats Ransomware uses is strong enough that, at the time of writing, files it has encrypted cannot be restored without the decryption key. Computer users are advised to refrain from contacting the people responsible for the Genocheats Ransomware, since this may expose them to additional hoaxes or infections.

Protecting Your Data from Threats Like the Genocheats Ransomware

Ransomware Trojans like the Genocheats Ransomware tend to target user-generated files, which may include files with any of the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
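The two observable traces the page describes, the appended '.encrypted' extension and the READ_IT.txt note on the desktop, are what an incident responder looks for first when deciding whether a machine was hit by this family. The script below is an added example, not code from the original page or from any decryption tool: it walks a directory tree, collects files carrying the '.encrypted' suffix, checks whether the extension underneath is one of those listed above (a subset of that list is used here), and locates the ransom note. The sample tree, its file names and the hypothetical pirated-software lure are constructed for the demonstration.

```python
"""Triage a file tree for the Genocheats / HiddenTear-style indicators
described on this page: '.encrypted' suffixes plus a READ_IT.txt note.

Added example, not the page's or any project's own code. The sample tree
built by build_sample_tree() is constructed here for the demonstration.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".encrypted"
RANSOM_NOTE_NAME = "READ_IT.txt"

# Subset of the extension list on the page (assumed to stand in for the
# full targeted set in this demonstration).
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt",
    ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".zip", ".rar",
    ".sql", ".db", ".py", ".java", ".c", ".cpp", ".psd", ".csv",
}

# Constructed sample tree: two renamed documents, one renamed file whose
# original extension is not on the list, the ransom note on the Desktop,
# an untouched text file and a hypothetical pirated-software lure.
SAMPLE_FILES = {
    "Desktop/READ_IT.txt": "!!! Your PC has been Locked !!!\n",
    "Documents/report.docx.encrypted": "opaque ciphertext",
    "Pictures/holiday.jpg.encrypted": "opaque ciphertext",
    "Documents/tool.dll.encrypted": "opaque ciphertext",
    "Documents/todo.txt": "still plaintext",
    "Downloads/photoshop_crack.exe": "lure, not encrypted",
}


def build_sample_tree(base):
    """Write SAMPLE_FILES under base and return base as a Path."""
    base = Path(base)
    for rel, content in SAMPLE_FILES.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return base


def triage(root):
    """Return the indicators found under root as sorted relative POSIX paths."""
    root = Path(root)
    encrypted, unexpected, notes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name == RANSOM_NOTE_NAME:
                notes.append(rel)
            elif name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
                # Strip the appended suffix to recover the original extension.
                original_ext = Path(name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower()
                if original_ext not in TARGETED_EXTENSIONS:
                    # Worth a second look: either a variant with a wider
                    # target list, or a file renamed by something else.
                    unexpected.append(rel)
    return {
        "encrypted": sorted(encrypted),
        "unexpected": sorted(unexpected),
        "notes": sorted(notes),
        # Both indicators together are a much stronger signal than either alone:
        # a lone '.encrypted' file may be an unrelated tool's output.
        "infected": bool(encrypted) and bool(notes),
    }


def demo():
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run `triage()` against a user profile (or a mounted image) rather than `demo()` on a real case; the `unexpected` bucket is the one to read carefully, since it separates files this family would be expected to rename from files that merely happen to end in '.encrypted'.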

To prevent an attack, computer users should avoid the situations that allow the Genocheats Ransomware to be installed in the first place. In the case of the Genocheats Ransomware itself, that means avoiding pirated software and the websites where such programs are distributed (such as torrent websites and other file-sharing networks).

Since threats like these take the victim's files hostage, it is indispensable to keep file backups, either on an external, portable device or in the cloud. The ransom messages displayed by the two Genocheats Ransomware variants (the English and the Italian version) read:

'!!! Your PC has been Locked !!!
To decrypt your files
Send 10$ BTC to
3Fr6KwRoWFNjGdqV6GjBKKytsgimgdxf7Q
and email me the transaction ID + your computer name
Genobot01@gmail.com'

'Hello. Your computer has been compromised. Your data has just been encrypted with a unique key. Do not panic, but follow and carefully read the instructions in the file READ.ME.txt on your Desktop to get your files back.'
