Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Gc47 Ransomware

Gc47 Ransomware is the most recent infection to use the Hidden Tear ransomware source code. If you are familiar with the articles we have posted in the past, you might already know that this source code has been used for the development of Enjey Crypter Ransomware, Hollycrypt Ransomware, GhostCrypt Ransomware, and many other infamous infections. Just like other threats from this family, the ransomware is likely to be spread using corrupted spam email attachments. Needless to say, by executing the launcher file, you end up inviting the threat yourself. This is why you have to be extremely cautious when you interact with emails, especially the ones that might have been sent by unfamiliar senders. Keep in mind that cyber criminals can create email addresses that are almost identical to the ones of authentic and reputable companies, and so you have to stay vigilant at all times. Unfortunately, removing Gc47 Ransomware might not reverse the damage once it is done.

Advanced Encryption Standard (AES) is used for the encryption of your files, and Gc47 Ransomware is stealthy when it comes to this malicious task. Once your files are locked, it might even attempt to delete the main executable file using the command “cmd.exe /C choice /C Y /N /D Y /T 1 & Del”. If that happens, you will not need to waste your time trying to identify and delete Gc47 Ransomware launcher. Besides encrypting and deleting files, the infection always creates a few highly important files. The sample we have tested created the files named “C.key” and “D.key”, and both of them were placed in the Documents folder. Note that the names and the location of these files could be unique, although that is unlikely. These files are important because they represent the keys required for the decryption process. According to our researchers, the threat might use SMTP (Simple Mail Transfer Protocol) to send email to the attackers containing both of these files. It appears that admin@ransomware.com is the destination email address.

Have you been introduced to pop-ups informing you about errors or the necessary upgrading of your Windows operating system? It is still unclear what the purpose of these pop-ups is, and it is possible that they are used by Gc47 Ransomware to distract you from the encryption process. All in all, it is unlikely that you will notice the encryption until all of your personal files are “awarded” with the “.Fuck_You” extension. Needless to say, this extension is a real slap in your face. Our researchers have analyzed the code of the infection, and it was found that all kinds of files can be corrupted by it. That means that you are likely to find this obnoxious extension attached to archives, documents, images, presentations, and other kinds of files. Do not try to erase the extension because that has nothing to do with the encryption of your files. Of course, you should check which files were encrypted to assess the damage. In the best case scenario, all of your files are backed up, and you can recover them once you delete Gc47 Ransomware.

According to the Gc47 Ransomware message within the READ_IT.txt file created on the Desktop, you need to pay a ransom of 50 USD to the Bitcoin Address 14vY5z8fWzCj93YTwbGiLd6ansZNMJ2kC3. Once you do that, you need to email cyber criminals at unixc47@gmail.com. Supposedly, you will be provided with a decryptor after you fulfill these demands. Of course, the initial ransomware note does not mention the decryption at all, and so it is hard to say what the result would be. Unfortunately, the ransomware has already had victims pay the requested ransom. Obviously, you have to think carefully if that is what you want to do as well. Though 50 USD is not a huge sum in the grand scheme of things, you do not want to just waste it, do you? Whatever happens at the end, you HAVE to delete Gc47 Ransomware, and you can refer to the guide below for manual removal. If you are having issues getting rid of the threat manually, use anti-malware software instead. This is the preferred method of removal because anti-malware software also doubles up as the most reliable security software.

Gc47 Ransomware Removal

  1. Launch Task Manager by tapping Ctrl+Shift+Esc.
  2. Click the Processes tab and try to locate the malicious process.
  3. Right-click the process, choose Properties, and copy the directory of the .exe file.
  4. Click OK and end process/task. Exit Task Manager.
  5. Launch Windows Explorer by tapping Win+E keys.
  6. Paste the directory of the malicious file and then Delete it.
  7. Empty Recycle Bin to get rid of the infection.

N.B. If you have not managed to get your files decrypted, keep the C.key and D.key files safe. A working file decryptor might be created in the future. You might also want to seek the help of professionals who might be able to build a decryptor for you.
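
The note above advises keeping C.key and D.key. As an added example (not part of the original guide), the Python script below inventories files carrying the .Fuck_You extension under a user profile and copies the key files and READ_IT.txt to an evidence folder, recording a SHA-256 hash for each copy, before any cleanup is done. The function names and the evidence-folder argument are assumptions made for this example.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

ENCRYPTED_EXT = ".fuck_you"               # extension from the page, lowercased
KEEP = {"c.key", "d.key", "read_it.txt"}  # key files and note named on the page


def sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(profile, evidence_dir):
    """Inventory encrypted files; copy key files and note to evidence_dir.
    Originals are only read. Returns {"encrypted": [...], "preserved": {path: sha256}}.
    """
    profile = Path(profile).resolve()
    evidence_dir = Path(evidence_dir).resolve()
    evidence_dir.mkdir(parents=True, exist_ok=True)
    report = {"encrypted": [], "preserved": {}}
    for root, dirs, files in os.walk(profile):
        # Skip the evidence folder if it sits inside the profile.
        dirs[:] = [d for d in dirs if (Path(root) / d).resolve() != evidence_dir]
        for name in files:
            src = Path(root) / name
            rel = src.relative_to(profile).as_posix()
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(rel)
            elif name.lower() in KEEP:
                digest = sha256(src)
                # Hash prefix keeps same-named files from different folders apart.
                dst = evidence_dir / f"{digest[:12]}_{name}"
                shutil.copy2(src, dst)
                if sha256(dst) != digest:
                    raise OSError(f"copy of {rel} does not match the original")
                report["preserved"][rel] = digest
    report["encrypted"].sort()
    return report


if __name__ == "__main__":
    # Usage (assumed): python gc47_triage.py E:\evidence
    print(triage(Path.home(), sys.argv[1]))
```

Point the evidence folder at removable or offline storage so the preserved key files survive a reinstall of the affected system.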
