Remove Gedantar Ransomware - Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove Gedantar Ransomware – Restore Encrypted Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Gedantar and other threats.
Threats such as Gedantar may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

One of the newest detected ransomware pieces out there has been dubbed Gedantar ransomware, or Gedantar file virus, after the main executable Gedantar.exe. The ransomware was discovered by security analyst Karsten Hahn, and researchers believe that it is an updated version of Unlock92 ransomware. The latter was discovered in November, 2016, and it seems that its authors have decided to resurrect malicious activities.

Threat Summary

NameGedantar
TypeRansomware
Short DescriptionThe ransomware encrypts files on the infected system.
SymptomsThe ransomware will encrypt your files and will rename those files following the _<8-rand-chars>. pattern.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Gedantar

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Gedantar.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Gedantar ransomware renames the files of the infected machine following the _<8-rand-chars>. pattern. 32 out of 66 anti-virus engines on VirusTotal detect the ransomware.

Gedantar Ransomware Distribution Techniques

Gedantar ransomware could be spreading in the wild using different techniques of infiltration.
A payload dropper which initiates the malicious script for the file encrypting virus is being spread around the internet, and researchers had the luck to obtain a malware sample. If that file sneaks into your operating system and you are somehow tricked into executing it, you will be infected and as a result your files will be encrypted. Here are the detections of Gedantar’s exe file on the VirusTotal right here:

Keep in mind that Gedantar ransomware may be also spreading on social media and file-sharing services. In addition, its payload file may also be bundled within freeware packages. The general security tip here is to always be very cautious with such files and to scan them with a security tool prior to opening them. Make sure to inspect their size and signatures as they may hint of malicious presence within. You can read some very useful tips for ransomware prevention in our forum.

Gedanrat Ransomware Encryption

Similarly to Unlock92, Gedantar ransomware, after having infected the victim, may initiate a procedure to modify the registry entries of the infected system. There may be many subkeys amongt the registry keys affected by the ransomware, but the primary ones which Gedantar might attack are the Run and RunOnce subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

These registry keys may contain values with data, which make the executable that encrypts files to run when each time Windows is booted.

After encryption, Gedantar ransomware renames the files of the infected machine following the _<8-rand-chars>. pattern.

Gedantar Ransomware Removal Instructions

If you have been inffected by this ransomware, the first action you should take is to disconnect your computer and copy the encrypted files to a flash drive or another external device. From there you may safely proceed to the removal of Gedantar ransomware.

To remove Gedantar ransomware, follow the instructions below the article. In case you do not have the experience in manually removing ransomware, we advise you to use the help of an advanced anti-malware program which will take care of this for you.

After having removed Gedantar ransomware, you may use the alternative methods for restoring files mentioned in step “2.Restore Files Encrypted by Gedantar” below. There is no guarantee you will restore the files, but it may be a solution until a real decryption tool is released.

Note! Your computer system may be affected by Gedantar and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Gedantar.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Gedantar follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Gedantar files and objects
2. Find files created by Gedantar on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Gedantar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...