Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

AndreaGalli Ransomware

AndreaGalli Ransomware is a newly-detected infection that has been named after its author, which immediately suggests that this infection could have been developed for educational or testing purposes. A thorough analysis of the infection carried out by specialists has shown that it is another infection based on the Hidden Tear engine. It is not the first ransomware infection created using the Hidden Tear source code, which, in fact, can be accessed by anyone. Assembly Ransomware, Gendarmerie Ransomware, and Horros Ransomware are only a few examples of ransomware infections based on it. There is one more thing that unites all the aforementioned infections, including AndreaGalli Ransomware – they have all been developed to obtain money from users. Never pay money to cyber criminals! If you ever encounter malware, delete it from the system right away.

It does not seem that AndreaGalli Ransomware has been developed to extract money. As mentioned, it is more likely that it is some kind of project. Of course, it does not mean that it cannot evolve into something bigger in the future. At the time of analysis, the ransomware infection encrypted only one folder: %USERPROFILE%\Desktop\test. It is not very likely that ordinary users have this folder on their computers. In other words, even if they encounter AndreaGalli Ransomware, they should not find their files encrypted. Unfortunately, we cannot promise that this malicious application will not be updated. If it ever gets an update and you encounter it, you might discover your pictures, documents, movies, and other files encrypted as well. If nothing changes, the ransomware infection should append the .locked filename extension to all affected files, and, on top of that, drop a ransom note named readme.txt after the encryption. Cyber criminals try to push victims into paying money, but you should not pay a cent to malicious software developers. It does not mean that you are doomed if you are not going to pay money – if you back up your files regularly, you could restore them easily in the unfortunate event of encountering the ransomware infection.

AndreaGalli Ransomware is not distributed actively since it is still in development. It is unclear whether it will become a serious infection, but we still want you to know how ransomware infections are distributed so that you can prevent them from entering your system. It is no longer a secret that a bunch of malicious applications are distributed via spam emails, so make sure you do not open any attachments that suspicious emails contain. Second, it has been observed that users often download malicious software from the web themselves. If you download software from P2P and similar websites too, you should be very cautious and scan your downloads with an antimalware tool before launching them. Last but not least, clicking on random links and commercial advertisements found on the web might bring security-related problems as well, so make sure that you break that bad habit before it is too late. Finally, a security tool must be installed on all computers connected to the Internet, and it does not even matter whether you surf the Internet every day or only occasionally.

The focus of this report – AndreaGalli Ransomware – is not sophisticated malware for sure. Therefore, we do not think that you will find its removal a complicated task either. You should be able to erase it fully by deleting the malicious file you have recently launched and the ransom note in the .txt format, but it would also be smart to perform a scan with a diagnostic scanner once you are finished erasing this threat manually so that no malicious files are left on the computer. Of course, you are welcome to remove AndreaGalli Ransomware automatically too. Unfortunately, if your files have been encrypted, you will not unlock any of them by deleting the ransomware infection from your PC, but we do not think that you will find a single file encrypted if you encounter the same version of AndreaGalli Ransomware analyzed by our researchers – it, as mentioned, affects only one folder you probably do not even have.

How to delete AndreaGalli Ransomware

  1. Check your Desktop and your Downloads folder.
  2. Locate the malicious .exe file you have launched recently.
  3. Delete it.
  4. Remove readme.txt.
  5. Empty Trash.
  6. Scan your PC with a diagnostic antimalware scanner.
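
The checks in the steps above can be scripted as a read-only triage pass. The following is an added example, not part of the original report or any vendor tool: it looks for the traces named on this page (the .locked extension, readme.txt, the Desktop\test folder) and lists recently modified .exe files. Limiting the search to Desktop and Downloads and the 7-day window are assumptions; readme.txt is a common file name, so a note alone is not treated as a hit.

```python
"""Read-only check for the AndreaGalli Ransomware traces described on this page."""
import os
import time
from pathlib import Path

LOCKED_EXT = ".locked"                    # extension the page says is appended
NOTE_NAME = "readme.txt"                  # ransom note name given on the page
TARGET_SUBDIR = Path("Desktop") / "test"  # only folder encrypted in the analysed version
SEARCH_DIRS = ("Desktop", "Downloads")    # assumption: folders from removal step 1


def scan_profile(profile, recent_days=7, now=None):
    """Return findings under `profile`; nothing is modified or deleted."""
    profile = Path(profile)
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400    # assumption: "recently" means 7 days
    findings = {"target_folder_exists": (profile / TARGET_SUBDIR).is_dir(),
                "locked_files": [], "ransom_notes": [], "recent_exes": []}
    for name in SEARCH_DIRS:
        root = profile / name
        if not root.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                path = Path(dirpath) / fname
                lower = fname.lower()     # Windows file names are case-insensitive
                if lower.endswith(LOCKED_EXT):
                    findings["locked_files"].append(path)
                elif lower == NOTE_NAME:
                    findings["ransom_notes"].append(path)
                elif lower.endswith(".exe"):
                    try:
                        if path.stat().st_mtime >= cutoff:
                            findings["recent_exes"].append(path)
                    except OSError:
                        pass              # unreadable entry: skip, keep scanning
    return findings


def likely_affected(findings):
    """True only when .locked files and a readme.txt are both present."""
    return bool(findings["locked_files"]) and bool(findings["ransom_notes"])


if __name__ == "__main__":
    result = scan_profile(Path.home())
    for key, value in result.items():
        print(key, value if isinstance(value, bool) else [str(p) for p in value])
    print("likely affected:", likely_affected(result))
```

Files reported under recent_exes are candidates for manual review only; the script cannot tell which executable, if any, is the malicious one.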