Threat Database Ransomware Gillette Ransomware

Gillette Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: April 2, 2019
Last Seen: April 10, 2019
OS(es) Affected: Windows

The Gillette Ransomware is an encryption ransomware Trojan that was first observed on March 28, 2019. The main intended victims of the Gillette Ransomware attack are individual computer users. The Gillette Ransomware carries out a typical encryption ransomware attack, taking victims' files hostage and then demanding a ransom payment. Threats like the Gillette Ransomware make the victim's files inaccessible permanently, requiring file backups to restore any data compromised by the Gillette Ransomware attack.

The Gillette Ransomware will Work Like a Razor to Shave Files From Your Reach

The Gillette Ransomware uses the AES and RSA encryptions to make victims' files inaccessible. The Gillette Ransomware, once the victim's files have been encrypted, delivers the decryption key to its Command and Control servers, making it impossible for the victim to recover the data compromised by the Gillette Ransomware attack. Victims of the Gillette Ransomware attack are asked to contact the criminals via ''. The Gillette Ransomware infection is easy to be spotted because it changes the file names by adding the file extension '.GILLETTE' to the file's name. The Gillette Ransomware targets the user-generated files, which may include a wide variety of file types such as media files, documents, databases and numerous other data containers. Threats like the Gillette Ransomware tend to target some particular file types, which include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the chosen files have been encrypted, the Gillette Ransomware delivers its ransom note in a text file named 'Decrypt DATA.txt,' which contains the following message for the victim:

'All your important files are encrypted
There is only one way to get your files back: contact us, pay, and get decryptor software
We accept Bitcoin
You have Your personal identifier, write in letter when contact with us.
Also, you can decrypt 1 file for test, its guarantee what we can decrypt your files.
Do not rename encrypted files.
Do not try to decrypt using third party software, it may cause permanent data loss.
For decrypt your data write to email
Contact information: or
and tells us your unique ID — ID-[random chars]'

Protecting Your Data from Threats Like the Gillette Ransomware

It is not recommended to contact the criminals responsible for the Gillette Ransomware attack. Computer users also should refrain from paying any ransom associated with this threat. Computer users must protect their data preemptively, such as having file backups stored in a safe location instead of paying the Gillette Ransomware ransom. It also is fundamental to have a security program that is fully up-to-date, which can be used to intercept the Gillette Ransomware before the victim's files are compromised.


Most Viewed