Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Gesd Ransomware

Gesd Ransomware looks like another threat from the Stop Ransomware family. Our researchers could not test it properly because its sample did not work, but we believe the malware should behave the same as all other malicious applications from the Stop Ransomware family. If you want to know more about how this malware might work or how it could be distributed, we invite you to read our full article. At the end of the text, you can find manual removal instructions that show how it might be possible to delete Gesd Ransomware. We cannot guarantee that the provided steps will work, which is why it is advisable to use a reliable antimalware tool instead if you come across this new file-encrypting threat.

Most ransomware applications travel with malicious email attachments, fake installers or updates, and other unreliable data that victims can download or receive from the Internet. This is why our specialists recommend staying alert at all times. If you receive an email attachment, you should always inspect the message it came with first, check whether it comes from a reputable sender, and so on. If you are not one hundred percent sure that the attachment you got is safe to open, we advise scanning it with a reliable antimalware tool. In fact, we recommend scanning all questionable files downloaded or received from the Internet with a reputable security tool if you do not want to accidentally infect your computer with threats like Gesd Ransomware. Never forget that even a text file or a picture could be a malicious file in disguise, so you have to be extra careful if you hope to avoid malware.

Many similar threats that we have encountered so far created the files listed in the deletion instructions below after their launch. Thus, it is possible that Gesd Ransomware might act similarly after its launcher is opened. Also, our researchers say that most malicious applications from the Stop Ransomware family encrypt user files with a robust encryption algorithm right after they settle in. Reports say that the malware encrypts private data and marks it with the .gesd extension. It is vital to explain that renaming a file to remove the appended extension does not make any difference, since its contents remain encrypted. The only way to restore files affected by Gesd Ransomware is to decrypt them with unique decryption tools. Since this malicious application seems to belong to the Stop Ransomware family, we believe it should drop the same ransom note as most of the other threats from this family.

Usually, ransom notes displayed by malicious applications from the Stop Ransomware family demand that victims pay either 490 or 980 US dollars. The lower sum applies if the user pays within 72 hours; otherwise, the hackers ask for the full price of 980 US dollars. In exchange, the cybercriminals claim to offer special decryption tools that could restore files encrypted by Gesd Ransomware. Of course, we recommend against paying the ransom if you do not want to risk being scammed. Instead, you could check whether you have any backup copies on cloud storage or removable media. If you do, you could replace the encrypted files with the backup copies.

Lastly, we recommend removing Gesd Ransomware before you restore backup copies to your computer or do anything else. The malware could be able to restart itself, in which case it would pose a threat to your files for as long as it remains on your system. As said earlier, the instructions located at the end of this article show how it might be possible to remove Gesd Ransomware manually. We want to stress once again that we cannot guarantee that completing the provided steps will eliminate the malicious application. Therefore, if you want to be sure that the threat gets erased, we advise employing a reputable antimalware tool of your choice.

Restart the computer in Safe Mode

Windows 8/Windows 10

  1. Tap Win+I for Windows 8 or open Start menu for Windows 10.
  2. Press the Power button.
  3. Click and hold Shift, then click Restart.
  4. Pick Troubleshoot and choose Advanced Options.
  5. Go to Startup Settings and click Restart.
  6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Navigate to Start, select Shutdown options, and pick Restart.
  2. Press and hold F8 when the PC starts restarting.
  3. Mark Safe Mode with Networking.
  4. Select Enter and log on.

Remove Gesd Ransomware

  1. Click Win+E.
  2. Find these locations:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  3. Look for the threat’s installer, e.g., updatewin.exe; then right-click it and press Delete.
  4. Then find these paths:
    %USERPROFILE%\Local Settings\Application Data
    %LOCALAPPDATA%
  5. Search for the threat’s created directories with random names that should contain copies of the malware’s launcher (e.g., 2a9ea166-82c4-499d-9f16-9e28ac1b8ef4), right-click them, and press Delete.
  6. Recheck these paths:
    %LOCALAPPDATA%
    %USERPROFILE%\Local Settings\Application Data
  7. Locate files called script.ps1 or similarly, right-click them and press Delete.
  8. Find this path: %WINDIR%\System32\Tasks
  9. Look for a file called Time Trigger Task or similarly, right-click it and choose Delete.
  10. Exit File Explorer.
  11. Press Win+R.
  12. Type Regedit and press Enter.
  13. Go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  14. Locate a value name called SysHelper, right-click it, and press Delete.
  15. Exit Registry Editor.
  16. Empty Recycle bin.
  17. Restart the system.
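
As an added example that is not part of the original article, the following PowerShell script audits the same locations the steps above walk through: the drop folders for updatewin.exe, GUID-named directories under the local application data paths that hold an executable, dropped script.ps1 files, a scheduled task named like Time Trigger Task, and the SysHelper value in the per-user Run key. It also counts files carrying the .gesd extension under the user profile so you can see whether encryption has already happened. The script only reports and deletes nothing, so its output can be reviewed before any manual cleanup. It assumes Windows 8 or later for Get-ScheduledTask; the GUID regular expression and the script*.ps1 wildcard are assumptions that generalize the single examples given in the steps.

```powershell
# Added example, not from the original article: read-only audit of the
# artifacts named in the removal steps. Nothing is deleted.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# Steps 2-3: the installer name the article gives, in the usual drop folders.
$dropDirs = @($env:TEMP, "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads")
foreach ($dir in $dropDirs) {
    Get-ChildItem -Path $dir -Filter '*.exe' -File | Where-Object { $_.Name -ieq 'updatewin.exe' } |
        ForEach-Object { $findings += [pscustomobject]@{ Kind = 'Installer'; Detail = $_.FullName } }
}

# Steps 4-7: GUID-named directories that contain an executable, and dropped
# PowerShell scripts. The GUID pattern is an assumption based on the example
# directory name in step 5.
$guidPattern = '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
$appDataDirs = @($env:LOCALAPPDATA, "$env:USERPROFILE\Local Settings\Application Data")
foreach ($dir in $appDataDirs) {
    Get-ChildItem -Path $dir -Directory | Where-Object { $_.Name -match $guidPattern } | ForEach-Object {
        $exe = Get-ChildItem -Path $_.FullName -Filter '*.exe' -File | Select-Object -First 1
        if ($exe) { $findings += [pscustomobject]@{ Kind = 'GuidDirWithExe'; Detail = $exe.FullName } }
    }
    Get-ChildItem -Path $dir -Filter 'script*.ps1' -File |
        ForEach-Object { $findings += [pscustomobject]@{ Kind = 'DroppedScript'; Detail = $_.FullName } }
}

# Steps 8-9: a scheduled task named like "Time Trigger Task", with what it runs.
# Get-ScheduledTask needs the ScheduledTasks module (Windows 8 / Server 2012 or later).
Get-ScheduledTask | Where-Object { $_.TaskName -like 'Time Trigger Task*' } | ForEach-Object {
    $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
    $findings += [pscustomobject]@{ Kind = 'ScheduledTask'; Detail = "$($_.TaskPath)$($_.TaskName) -> $actions" }
}

# Steps 13-14: the SysHelper autorun value in the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey
if ($run -and $run.PSObject.Properties['SysHelper']) {
    $findings += [pscustomobject]@{ Kind = 'RunKeyValue'; Detail = "$runKey\SysHelper = $($run.SysHelper)" }
}

# Impact check: how many files already carry the .gesd extension under the profile.
$encrypted = (Get-ChildItem -Path $env:USERPROFILE -Filter '*.gesd' -File -Recurse | Measure-Object).Count
if ($encrypted -gt 0) {
    $findings += [pscustomobject]@{ Kind = 'EncryptedFiles'; Detail = "$encrypted file(s) with .gesd extension" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators matching the removal steps were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt in Safe Mode with Networking, before following the manual steps, and keep the output: the paths it prints are the ones you will be deleting by hand, and the scheduled task line shows exactly which executable the task would relaunch, which is the persistence the article warns about.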