Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

GottaCry Ransomware

Although GottaCry Ransomware has the appearance of a real file-encrypting infection, our research team has found that it might fail to function exactly as intended. The sample that was tested in our internal lab did NOT encrypt files, although it was discovered that the threat could potentially delete files and directories. Instead, it acted as a screen-locker. At this point, it is not known how this infection could spread, but we recommend being extremely cautious about the emails you open and the files/programs you download, and not skipping security updates. Without a doubt, this is not the kind of malware that you want to face, even if it does not corrupt files. In case you faced a version that did encrypt files, do not let cyber criminals bully you into paying a ransom or doing anything else that could put you at more risk. Of course, regardless of the version, it is important to delete GottaCry Ransomware if it manages to slither in. Keep reading the report if you want to learn more about the infection, or initiate removal ASAP.

When the malicious GottaCry Ransomware finds its way into Windows, it should stay hidden and out of sight. That matters because if the owner of the attacked system discovers and deletes the threat right away, its creators will not get a chance to terrorize the victim. As we mentioned already, it is unlikely to encrypt files, but it definitely can kill the Task Manager to make it impossible for you to check for running processes and discover the one used by GottaCry Ransomware itself. Since the threat has the functionality to remove files and directories, it is possible that it could start doing that right away, but it is more likely to launch a window first. This window is called “GottaCry | Windows encryptor,” and it displays a text message on top of an image of two red eyes. The message declares right away that your computer and files were encrypted, which is unlikely to be the case. Unfortunately, the message also makes this threat: “If you turn off your computer, we will leak all your passwords and will delete your computer.” Without a doubt, this might intimidate less experienced users.

The message also displays a link to a Discord account, via which the victims of GottaCry Ransomware are supposed to communicate with the attacker. At the bottom, there is also a Bitcoin Wallet address, to which the victims, allegedly, need to transfer $50 worth of Bitcoin. An alternative payment option is to pay $70 via PayPal. 1HfdBrUDYZ1rCdQcgBt84Ja7JoYhHDqNcg is the Wallet address, and, at the time of research, 18 transactions had been received with a total of 0.0945 Bitcoin, which is around 700-800 US Dollars. We cannot know whether any of these transactions are linked to GottaCry Ransomware, but if they are, the victims will never get their money back. Unfortunately, it is unlikely that you would be provided with a password if you paid the ransom, and that is why we suggest not taking the risk. If you choose otherwise, make sure you weigh all pros and cons, and are 100% comfortable with your final decision.

Which file launched GottaCry Ransomware? If you are not sure about that, you might be unable to delete this malicious threat manually. Even though other files should not be created by this threat, erasing the launcher is extremely important. If Task Manager was active, you could, potentially, find the malicious .exe file that requires removal via the running process. If Task Manager was killed, you might be stuck. You cannot close the window launched by the infection, but you might also hesitate to restart the computer due to the risk of having all personal files deleted. However, according to our tests, your files should not be removed, and so it should be fine to restart the PC.

If you cannot delete GottaCry Ransomware manually after restarting the computer, we recommend installing an anti-malware program that will automatically inspect your system and delete all malicious files. Remember that still not much is known about the distribution of this threat, which is why you also have to consider the possibility that other threats capable of downloading and executing malware exist. If they do, you must remove them ASAP. If you want to have the operating system secured in the future, the same anti-malware program will help you with that as well.

GottaCry Ransomware Removal

  1. Delete all recently downloaded files to erase the launcher.
  2. Empty Recycle Bin to complete the removal.
  3. Install a legitimate and trustworthy malware scanner.
  4. Perform a full system scan and if other threats exist, you need to erase them ASAP.
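
To narrow down which file is the launcher before deleting anything in step 1, the following PowerShell script (an added example, not part of the original report) looks for a process showing the window title quoted above and lists recently written .exe files with their hash and signature status. The 7-day window and the folders searched are assumptions to adjust.

```powershell
# Added example, read-only: nothing is stopped or deleted.
$title = 'GottaCry | Windows encryptor'    # window title quoted in the report
$days  = 7                                 # assumption: "recently" = last 7 days
$roots = @("$env:USERPROFILE\Downloads",   # assumption: usual drop locations
           "$env:USERPROFILE\Desktop",
           $env:TEMP)

# 1. Running processes whose main window shows the ransom-note title.
$running = Get-Process |
    Where-Object { $_.MainWindowTitle -eq $title } |
    ForEach-Object {
        [pscustomobject]@{
            Source    = 'RunningProcess'
            ProcessId = $_.Id
            Path      = $_.Path            # may be empty without admin rights
        }
    }

# 2. Executables created or modified recently in the download locations.
$cutoff = (Get-Date).AddDays(-$days)
$recent = Get-ChildItem -Path $roots -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
    ForEach-Object {
        # Zone.Identifier is the NTFS stream Windows attaches to internet downloads.
        $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Source     = 'RecentFile'
            Path       = $_.FullName
            Created    = $_.CreationTime
            Signature  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            Downloaded = [bool]$zone
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# A file that appears in both lists is the strongest launcher candidate.
$running | Format-Table -AutoSize
$recent  | Sort-Object Created -Descending | Format-List
$recent  | Where-Object { $running.Path -contains $_.Path } |
    Select-Object Path, SHA256
```

Unsigned files marked as downloaded deserve the closest look; the SHA256 value can be checked against your anti-malware vendor's database before the file is removed.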