GetCrypt Ransomware

GetCrypt Ransomware is a threat that has several different versions. Although the functionality of this infection does not change, and the same methods can be applied to delete it, the ransom messages that follow them are unique. In this report, we talk about two different variants of this malware, and we discuss how to get rid of them from your Windows operating system. Of course, you probably need no explanation as to why you need to remove GetCrypt Ransomware. However, you might need some information about the infection itself, and you might also need help figuring out what to do about the files encrypted by this malware. Unfortunately, the threat can successfully corrupt personal files by encrypting their data, and if you do not have backups that could replace the corrupted files, the attackers might convince you to pay a ransom in return for a decryption key. That is the last thing you want to do because if you pay the ransom, the chances of you getting the decryptor are slim to none.

As we mentioned already, there are several different variants of GetCrypt Ransomware, and while they function in the same manner, it was found that these variants might be spread using different methods. The newest version of the threat was found using the infamous RIG exploit kit to slither in without any notice. The older version, however, might have employed spam emails and RDP vulnerabilities. This is why you have to cover all bases. Observing the emails you receive is smart, but if that is the only thing you do, you will not be safe as there are plenty of other ways for malware to slither in. After execution, both versions of GetCrypt Ransomware change the Desktop’s wallpaper to introduce victims to a ransom note, and both create a file named “DECRYPT MY FILES #.txt” to deliver the same note once more. According to our research, the contents of this TXT file are different depending on the version. One version, for example, demanded a ransom of $150 to be paid in bitcoin and then a confirmation message to be sent to un42@protonmail.com.

The ransom message linked the newest version of GetCrypt Ransomware is a little bit different. It does not reveal the sum of the ransom, and it simply instructs to email getcrypt@cock.li to get more info. That being said, the ransom note represented via the Desktop wallpaper lists un42@protonmail.com. We do not recommend contacting the attackers using either of these email addresses because once you do, you might give them the opportunity to scam you and expose you to malware again. The good news is that regardless of which of these versions you were exposed to, you should be able to get your files decrypted for free. The word on the street is that a tool capable of decrypting files corrupted by the malicious GetCrypt Ransomware exists, and if you can find it, you might be able to get out of this messy situation without a scratch. Of course, even if you can decrypt your files, you must not forget to remove the infection. Although the threat, according to our research team, does not create other files that could restart the encryption process, you want to delete it as soon as possible.

As you can see by looking at the guide below, removing GetCrypt Ransomware does not take a lot of effort. It is most important to find and delete the .exe file that originally launched the infection, and, unfortunately, we do not know how it could be named or where it could be dropped in your case. If you cannot find and delete GetCrypt Ransomware components yourself, what you want to do is install a legitimate anti-malware program. It will inspect your operating system, identify the threat, and remove all malicious files automatically. Beyond that, it will secure your operating system to guarantee that file-encryptors and other kinds of malware cannot invade it again. Hopefully, you can employ a reliable free decryptor to free your files in this situation, but note that this is not a common thing. In most cases, file-encryptors cause irreversible damage, which is why it is crucial to always backup personal files.

GetCrypt Ransomware Removal

1. Delete all recently downloaded suspicious files to eliminate the launcher file.
2. Delete all copies of the # DECRYPT MY FILES #.txt file.
3. Empty Recycle Bin.
4. Perform a full system scan using a legitimate malware scanner.