Gilfillan Ransomware
The Gilfillan Ransomware has been identified as a variant of the VoidCrypt malware family. That lineage doesn't diminish the threat's capacity to cause significant damage to the computers and devices it manages to infect. Its encryption routine affects a wide range of file types and leaves them completely unusable.
In addition, victims will notice that each affected file has had its original name modified to a significant degree. The threat generates an ID string for each victim and adds it to the names of the locked files. Following it is an email address controlled by the attackers. Finally, a new file extension, '.Gilfillan', is appended. Instructions for the affected users are delivered to the systems in two different forms - as a text file named 'Decryption-Guide.txt' and a 'Decryption-Guide.HTA' file.
Ransom Note's Details
The ransom-demanding messages in both files are completely identical. They tell victims that the locked files can still be restored, but only with the decryption tool and key that the attackers possess. To get them, victims are expected to pay a ransom, with the exact price being subject to negotiation. As a communication channel, the hackers provide a single email address - 'PaulGilfillan@cyberfear.com'. Attached to the message must be a file created by the Gilfillan Ransomware on the compromised systems. The name of the file could be similar to 'KEY-SE-24r6t523' or 'RSAKEY.KEY', and it should typically be located in the C:/ProgramData directory. Without the information contained in this file, even the hackers will not be able to complete the decryption of the victims' data.
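For responders, the file-system indicators described above (the '.Gilfillan' extension, the contact address inside renamed files, the two 'Decryption-Guide' notes and the key file in C:/ProgramData) can be checked against a file listing exported from a suspect host. The following triage script is an added example, not code from any vendor or from the malware; the function names, the `KEY-SE-<alphanumeric>` pattern and the layout of the constructed sample names are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicators as stated in the write-up (compared case-insensitively).
LOCKED_EXT = ".gilfillan"
NOTE_NAMES = {"decryption-guide.txt", "decryption-guide.hta"}
CONTACT = "paulgilfillan@cyberfear.com"
# Only two example key-file names are given; the KEY-SE-<alphanumeric> shape is an assumption.
KEY_FILE_RE = re.compile(r"key-se-[0-9a-z]+|rsakey\.key")

def classify(path):
    """Return the indicator type a path matches, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name in NOTE_NAMES:
        return "ransom_note"
    if name.endswith(LOCKED_EXT):
        # The contact address inside the name corroborates the extension.
        return "locked_file" if CONTACT in name else "extension_only"
    if p.parent.name.lower() == "programdata" and KEY_FILE_RE.fullmatch(name):
        return "key_file"
    return None

def triage(paths):
    """Group matching paths by indicator type and count locked files per directory."""
    hits = {}
    for path in paths:
        kind = classify(path)
        if kind:
            hits.setdefault(kind, []).append(path)
    dirs = Counter(str(PureWindowsPath(p).parent) for p in hits.get("locked_file", []))
    return {"hits": hits, "locked_dirs": dirs, "key_file_present": "key_file" in hits}

# Constructed listing; the separators between original name, ID and address are assumed.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.ID-CONSTRUCTED01.PaulGilfillan@cyberfear.com.Gilfillan",
    r"C:\Users\alice\Documents\notes.docx.ID-CONSTRUCTED01.PaulGilfillan@cyberfear.com.Gilfillan",
    r"C:\Users\alice\Music\song.mp3.Gilfillan",
    r"C:\Users\alice\Desktop\Decryption-Guide.txt",
    r"C:\Users\alice\Desktop\Decryption-Guide.HTA",
    "C:/ProgramData/KEY-SE-24r6t523",
    r"C:\Users\alice\Pictures\holiday.jpg",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for kind, found in report["hits"].items():
        print(kind, len(found))
    print("key file present:", report["key_file_present"])
```

A `key_file` hit marks a file worth preserving in the forensic image before any rebuild, since the write-up states that decryption is impossible without it.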
The entire set of instructions left by Gilfillan Ransomware is:
'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : KEY-SE-24r6t523 or RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID :
Our Email:PaulGilfillan@cyberfear.com.'