Remove GG Ransomware and Restore .GG Encrypted Files - How to, Technology and PC Security Forum |

Remove GG Ransomware and Restore .GG Encrypted Files

This article aims to help you by showing how to remove BRansomware virus from your computer system and how to restore .GG extension encrypted files.

A new ransomware virus, going by the name GG Ransomware has been detected in the wild. The malware aims to encrypt the files on the computers infected by it, using the AES-256 encryption algorithm. Then, victims are requested to pay a hefty ransom fee in order to get their files restored back to their original variants. If your computer has been attacked by GG Ransomware, it is strongly advisable to remove the virus and attempt to restore the files encrypted by it on your computer system. For more information, read this article.

Threat Summary

NameGG Ransomware
TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on your infected computer and then asks for a ransom payoff to be made in order to decrypt them.
SymptomsFiles are AES encrypted with an added .GG file extension. No ransom note added, only an image.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by GG Ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss GG Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

BRansomware – How Does It Spread

In order to be distributed throughout the web, GG Ransomware is a virus that may exist in different infection forms. One of those is to be widespread via malicious e-mail spam. Such messages aim to trick victims by posing as a well-known company or institution, such as:

  • eBay.
  • PayPal.
  • Amazon.
  • A bank.

The e-mails pretend to have a seemingly legitimate e-mail attachment which poses as a reciept, invoice or other file, but is actually the infection file of GG Ransomware which drops the malicious payload of the ransomware virus on your computer.

Other methods by which you can become infected by this virus is to open a fake setup, an e-mail attachment or any other types of files uploaded on torrent sites or suspicious software providing websites.

GG Ransomware – More Information

The ransomware virus, known as GG Ransomware is from the type of malware that attacks the files to render them no longer openable. To achieve it’s end goal, GG Ransomware may perform multiple different actions on your computer systems, starting with dropping it’s payload on the computer of the user. The payload may be located in multiple different folders on the user PC:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%

The main executable file of this virus is reported in Virus Total to be the following:

After having dropped the payload, the GG Ransomware threat may delete the backed up files on your computer by executing the vssadmin and bcedit commands, for example:

vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

After this has been done, the ransomware virus may also create multiple different Windows Registry entries in the registry editor of the infected machine. The following sub-keys may be targeted, which are responsible for running the malicious files of BRansomware automatically on the computer of the victim:


After having modified the Windows Registry Editor, the virus may begin the enciphering process without you noticing it.

GG Ransomware- Encryption Process

In order to encrypt your files, GG Ransomware applies the CBC encryption mode with the AES(Advanced Encryption Standard) algorithm. The mode aims to chain the different blocks of data encrypted by the virus and connect them with the assistance of encryption blocks of data. This allows for the decryption key to be applied on those blocks to decrypt the files. Without going into much detail, this encryption is so far one of the most successful ciphers which were detected so far. If properly implemented (without mistakes), it may be very difficult to directly crack. For the encryption process, GG Ransomware targets the following file types:

.xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup

After it has finished encrypting the files, the GG Ransomware virus does not drop any type of ransom note, it just ads it’s strange picture and adds the .GG file extension to the files encrypted by it, making them appear like the following:

Remove GG Ransomware and Restore Encrypted Files

For the removal process of GG Ransomware to be effective, it is advisable to backup your encrypted files first after which to remove this malware by following the removal instructions below. They are specifically designed to help you isolate BRansomware and remove it either manually or automatically. For maximum effectiveness, it is strongly advisable to remove this malware automatically with the aid of an advanced anti-malware software.

If you want to restore files that have been encrypted by this malware on your computer, do not panic. Even though you cannot restore them by paying the ransom, we have suggested alternative methods that go around the direct decryption to help restore as many files as possible. The methods, located in step “2. Restore files encrypted by GG Ransomware below” may not be 100% effective, but are definitely designed to help restore as many files as possible.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share