A new ransomware called GetCrypt has been detected. It uses the RigEK exploit tool to spread attacks on users when they visit foreign websites, and encrypts computer files to modify the user’s desktop ransom.
It is worth mentioning that the RigEK exploit tool is a very popular attack tool in the black circle. It was used to spread the GandCrab ransomware earlier. In February of this year, it was also used to spread the Paradise ransomware.
Attention! Your computer has been attacked by virus-encoder!
All your files are now encrypted using cryptographycalli strong aslgorithm.
Without the original key recovery is impossible.
TO GET YOUR DECODER AND THE ORIGINAL KEY TO DECRYPT YOUR FILES YOU NEED TO EMAIL US AT: GETCRYPT@COCK.LI It is in your interest to respond as soon as possible to ensure the restoration of your files. P.S only in case you do not recive a response from the first email address within 48 hours.
It is reported that GetCrypt utilizes the Salsa20 and RSA-4096 encryption algorithms. Luckily, decryptor has been released. You can install advanced security software to recover your corrupted files.
As long as any one of the docx, xlsx, and pptx type documents exists in the encrypted file, all the files can be directly decrypted; otherwise, the user only needs to provide any original file on the computer and the encrypted file for comparison and verification, and then the user can successfully decrypt.
Tips to avoid ransomware
1. Download and install reliable security software to detect and remove GetCrypt ransomware so as to protect personal data and property security in all aspects.
2. Improve security awareness and turn off unnecessary ports & share files.
3. Install patches to the system in time, use strong login passwords to prevent attackers from exploiting or weakening Password blasting and other means to attack the server.
4. Remember not to open the link of unknown sources, and do not click to download attachments of unknown source.
Published by Emerson L. Sullivan & last updated on May 30, 2019 1:40 am