GC47 Ransomware belongs to the infamous group of malware based on the Hidden Tear project. It is still in the development stage. This means that hackers are not massively attacking users but rather "testing" their malware.
This ransomware uses the AES encryption method to make valuable files on your computer unreadable by the OS. After finishing the encryption process, GC47 Ransomware creates a message on the desktop to notify the owner of the compromised computer. This virus is also capable of altering the Windows Registry, which allows it to launch whenever Windows starts.
We advise making backups of the most important files on your computer. GC47 will most likely target files with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp. All encoded files will have the .cerber3 or .Fuck_You file extension added to them. In addition to that, it might also delete your Shadow Volume Copies to limit your recovery options.
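To scope the damage before restoring from backup, the appended extensions described above can be used to inventory affected files. This is an added example, not code from the original article; it assumes the extension is appended to the full original file name (for example report.docx.cerber3), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the article says GC47 adds to encrypted files (matched case-insensitively).
APPENDED = (".cerber3", ".fuck_you")

def original_name(filename):
    """Strip an appended GC47 extension; return None if the file is not marked."""
    lower = filename.lower()
    for ext in APPENDED:
        if lower.endswith(ext) and len(filename) > len(ext):
            return filename[: -len(ext)]
    return None

def scope_damage(root):
    """Walk root and return (hits, per-type counts, per-directory counts)."""
    hits, by_type, by_dir = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            rel_dir = os.path.relpath(dirpath, root)
            ext = os.path.splitext(orig)[1].lower() or "(none)"
            hits.append((os.path.join(rel_dir, name), orig))
            by_type[ext] += 1
            by_dir[rel_dir] += 1
    return sorted(hits), by_type, by_dir

def run_on_constructed_sample():
    """Build a small constructed tree (not real victim data) and scan it."""
    names = ["docs/report.docx.cerber3", "docs/budget.xlsx.Fuck_You",
             "docs/notes.txt", "pics/cat.jpg.CERBER3", "pics/dog.png"]
    with tempfile.TemporaryDirectory() as root:
        for rel in names:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scope_damage(root)

if __name__ == "__main__":
    hits, by_type, by_dir = run_on_constructed_sample()
    for path, orig in hits:
        print(f"{path} -> originally {orig}")
    print("by type:", dict(by_type))
    print("by directory:", dict(by_dir))
```

The per-directory and per-type counts show which backups need restoring first; the scan only reads file names and changes nothing on disk.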
As for the ransom itself, hackers promise to fix your files for 50 bucks (in Bitcoins) implying that there is no other way to decrypt the data without a key and their decryption program. When your sensitive files are corrupted, you will most likely succumb to paying the ransom, but we recommend focusing on GC47 Ransomware removal instead.
First of all, never believe those crooks. It is a common practice to threaten victims and make them think that they are out of options. There are no guarantees that cyber criminals will actually unblock your computer and restore the data. Plus, you will become a sponsor of the next attacks, contributing to the development of newer viruses and malicious software like this one.
We still don’t have a full list of the main spreading techniques for this ransomware, but it is safe to say that the most common strategies are in use. We’re talking about typical stuff like:
– Software installers: malware programs often come bundled with other software you might need. Unchecking all unneeded boxes during the installation is a must. Be careful with the programs that come from untrusted sources.
– Malware spam: emails are still one of the most popular methods of distributing malicious software like this one. Suspicious attachments, unknown links, executable files, etc. in emails should not be opened. There is always a risk of getting infected in one click.
– Redirects: sites are getting hacked each day, and malicious ads and hijackers are there, ready to infect unsuspecting users with viruses and other malware.
There are two ways to get rid of the GC47 Ransomware. You can do it manually if you know where the original malicious file is hidden. But it might take time. Plus, if you don’t know where to look, you can accidentally delete the wrong files. To avoid this, we recommend using a reliable anti-malware program like Plumbytes Anti-Malware or SpyHunter. If your computer is infected with GC47 Ransomware, it will be eliminated along with other threats found. Having additional protection against cyber-attacks is highly recommended because other threats might come your way after the previous ones are neutralized.
Symptoms of GC47 Ransomware infection on your computer can be: computer crashes, unusual homepage or search engine on your browser, unwanted pop-up ads and advertising banners. We recommend downloading our automatic removal tool. This removal tool has been tested for GC47 Ransomware threat removal and it is easy to use.
After performing all of the steps above, you should have all of your web browsers clean of the GC47 Ransomware and other suspicious add-ons and extensions. However, to complete the removal procedure, we strongly advise scanning your computer with antivirus and anti-malware tools like SpyHunter, HitmanPro 32-bit, HitmanPro 64-bit or Malwarebytes Anti-Malware. Those programs might help you find registry entries of malware and remove them safely.