GetCrypt Ransomware

GetCrypt Ransomware Description

Malware experts have identified a new ransomware threat, which is targeting innocent users. They dubbed it the GetCrypt Ransomware. File-locking Trojans, like the GetCrypt Ransomware, have been very popular among cybercriminals in recent years. They claim their victims by tricking the users into allowing the threat onto their computers. Then the data-encrypting Trojan locks the user's data and demands cash in return for the decryption key. This is a very aggressive and threatening malware type.

The GetCrypt Ransomware is likely being propagated using mass spam email campaigns, bogus application updates and corrupted pirated software. Once the GetCrypt Ransomware lands on your machine, it will perform an extensive scan of your data. When the scan is completed, the GetCrypt Ransomware would have identified and located all the files it was set to encrypt. Logically, the next step is the encryption process itself. The GetCrypt Ransomware would lock your files and add a new extension at the end of the file name. It is interesting that this file-locking Trojan does not have a consistent extension that it adds; instead, the GetCrypt Ransomware applies random 4-character extensions to the affected files. For example, the new extension could be '.OGHF' or '.TRSP,' etc. The next step is dropping the ransom note. The GetCrypt Ransomware's ransom note is named '# DECRYPT MY FILES #.txt.' Using only capital letters accompanied by exclamation marks or other symbols as a ransom note name is a common method used by cybercriminals because it makes the note more visible to the victim. In the note, the creators of the GetCrypt Ransomware inform the users that their data have been locked using a 'strong algorithm.' They also go on to say that it is impossible to recover the encrypted data without using the original key (which the attackers have). Then, the authors of the GetCrypt Ransomware provide an email 'getcrypt@cock.li,' where the user is meant to contact them. In case they do not receive a reply within 48 hours, the attackers ask the victim to send an email to an alternative address – cryptget@tutanota.com.

We recommend you not to follow these instructions. It is not a good idea to pay cybercriminals not only because your cash will go towards their shady future endeavors, but because it is likely that they will not provide you with the decryption key they are promising. A better option is to make sure you install a reputable anti-malware application and have it clean your computer of this nasty bug.

Technical Information

File System Details

GetCrypt Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 c:\users\arumugam\appdata\local\temp\low\rad9f9b4.tmp.exe 709,632 6d21c5c3bcff6076179bccd9ea6d1464 9

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.