A new ransomware virus, going by the name GG Ransomware, has been detected in the wild. The malware encrypts the files on the computers it infects using the AES-256 encryption algorithm. Victims are then asked to pay a hefty ransom fee in order to get their files restored. If your computer has been attacked by GG Ransomware, it is strongly advisable to remove the virus and then attempt to restore the files it encrypted. For more information, read this article.
| Threat Summary | Details |
|---|---|
| Short Description | Encrypts the files on the infected computer and then asks for a ransom to be paid in order to decrypt them. |
| Symptoms | Files are AES-encrypted and given an added .GG file extension. No ransom note is dropped, only an image. |
| Distribution Method | Spam e-mails, e-mail attachments, executable files |
GG Ransomware – How Does It Spread
GG Ransomware may be distributed across the web in several different ways. One of them is malicious e-mail spam. Such messages aim to trick victims by posing as a well-known company or institution, such as:
- A bank.
The e-mails carry a seemingly legitimate attachment posing as a receipt, invoice or other document, which is in fact the infection file of GG Ransomware: opening it drops the malicious payload of the ransomware on your computer.
Other ways to become infected with this virus are opening a fake setup file, an e-mail attachment or any other type of file uploaded to torrent sites or suspicious software download websites.
GG Ransomware – More Information
The ransomware virus known as GG Ransomware belongs to the type of malware that attacks files to render them unopenable. To achieve its end goal, GG Ransomware may perform several different actions on the compromised system, starting with dropping its payload on the user's computer. The payload may be located in several different folders on the user's PC:
The main executable file of this virus is reported on VirusTotal to be the following:
After dropping the payload, GG Ransomware may delete the backed-up files (the Windows shadow volume copies) on your computer by executing the vssadmin and bcdedit commands, for example:
After this has been done, the ransomware may also create several entries in the Windows Registry of the infected machine. The following sub-keys may be targeted; they are responsible for running the malicious files of GG Ransomware automatically each time the victim's computer starts:
After modifying the Windows Registry, the virus may begin the encryption process without you noticing it.
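The two behaviours described above (backup destruction through vssadmin/bcdedit, then autorun persistence through Run sub-keys) are exactly what endpoint telemetry can catch before the encryption phase starts. The following is an added detection example written for this article, not code from the article or from any vendor; it parses constructed Sysmon-style key=value lines (EventID 1 for process creation, EventID 13 for registry value set) and flags the shadow-copy deletion, the disabled boot recovery and the Run-key write, while leaving a benign `vssadmin list shadows` and a service start-type change alone. The paths, SID and the "user-writable staging directory" heuristic are assumptions, not details taken from the article.

```python
"""Detect backup destruction and Run-key persistence in Sysmon-style telemetry.

Added example, not code from the original article. Sample lines are constructed:
EventID 1 = process creation, EventID 13 = registry value set."""
import re

# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" '
    'CommandLine="vssadmin delete shadows /all /quiet" '
    'ParentImage="C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\bcdedit.exe" '
    'CommandLine="bcdedit /set {default} recoveryenabled no" '
    'ParentImage="C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe"',
    # Benign: an administrator listing shadow copies from an interactive shell.
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" '
    'CommandLine="vssadmin list shadows" '
    'ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe" '
    'TargetObject="HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" '
    'Details="C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe"',
    # Benign: a service start-type change, not an autorun key.
    'EventID=13 Image="C:\\Windows\\System32\\services.exe" '
    'TargetObject="HKLM\\SYSTEM\\CurrentControlSet\\Services\\Spooler\\Start" '
    'Details="DWORD (0x00000002)"',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one key=value line into a dict; values may be quoted or bare."""
    return {k: q or b for k, q, b in _KV.findall(line)}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _user_writable(path):
    """Heuristic (assumption): payload staged under a user-writable directory."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or "\\users\\public\\" in p


RULES = (
    # Shadow copy deletion via vssadmin; 'list shadows' does not match.
    ("shadow_copy_deletion",
     lambda e: e.get("EventID") == "1"
     and _basename(e.get("Image", "")) == "vssadmin.exe"
     and re.search(r"\bdelete\s+shadows\b", e.get("CommandLine", ""), re.I) is not None),
    # Boot recovery disabled via bcdedit so Windows cannot offer repair options.
    ("boot_recovery_disabled",
     lambda e: e.get("EventID") == "1"
     and _basename(e.get("Image", "")) == "bcdedit.exe"
     and re.search(r"recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures",
                   e.get("CommandLine", ""), re.I) is not None),
    # Autorun persistence: a value written under a Run or RunOnce sub-key.
    ("run_key_persistence",
     lambda e: e.get("EventID") == "13"
     and re.search(r"\\CurrentVersion\\Run(Once)?\\", e.get("TargetObject", ""), re.I) is not None),
)


def detect(lines):
    """Return (rule, actor, actor_in_user_writable_path) for every matching event."""
    alerts = []
    for line in lines:
        e = parse_event(line)
        for name, match in RULES:
            if match(e):
                # Process-creation: the parent launched the tool. Registry: the writer is the actor.
                actor = e.get("ParentImage") if e.get("EventID") == "1" else e.get("Image")
                alerts.append((name, actor, _user_writable(actor or "")))
    return alerts


if __name__ == "__main__":
    for name, actor, staged in detect(SAMPLE_EVENTS):
        flag = " [actor in user-writable path]" if staged else ""
        print(f"{name:24s} actor={actor}{flag}")
```

All three alerts point at the same actor process, which is the pivot an incident responder would take: the file that launched vssadmin and bcdedit and wrote the Run key is the payload to quarantine.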
GG Ransomware – Encryption Process
To encrypt your files, GG Ransomware applies the AES (Advanced Encryption Standard) algorithm in CBC (cipher block chaining) mode. In this mode each block of a file is combined (XORed) with the ciphertext of the previous block before it is encrypted, so all the blocks are chained together, with the first block chained to an initialisation vector; decryption reverses the chain block by block with the same key. AES is one of the most widely deployed and best-studied ciphers in use today, and if it is implemented properly (without mistakes) there is no practical way to break the encryption directly without the key. For the encryption process, GG Ransomware targets the following file types:
.xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup
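To make the chaining described above concrete, here is an added example (not code from the article) of CBC mode written out in full. The block function is a deliberately weak stand-in for AES-256 that only exists so the chaining has something invertible to drive; the point is the mode, not the cipher. It shows why a change in one plaintext block alters every ciphertext block that follows it, and why the key and IV are all that stand between the ciphertext and the original data.

```python
"""CBC mode walked through with a stand-in block cipher.

Added example, not code from the original article. _toy_block_* is NOT AES;
it is an invertible keyed permutation used only to show how the mode chains."""
BLOCK = 16  # AES block size in bytes


def _toy_block_encrypt(key, block):
    """Stand-in for AES-256 (32-byte key): keyed XOR + byte rotation. Insecure."""
    assert len(key) == 32 and len(block) == BLOCK
    x = bytes(b ^ k for b, k in zip(block, key[:16]))
    r = key[16] % BLOCK
    x = x[r:] + x[:r]
    return bytes(b ^ k for b, k in zip(x, key[16:]))


def _toy_block_decrypt(key, block):
    """Exact inverse of _toy_block_encrypt."""
    x = bytes(b ^ k for b, k in zip(block, key[16:]))
    r = key[16] % BLOCK
    x = x[-r:] + x[:-r] if r else x
    return bytes(b ^ k for b, k in zip(x, key[:16]))


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    """Each plaintext block is XORed with the previous ciphertext block (IV first)."""
    padded = pkcs7_pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        mixed = bytes(p ^ c for p, c in zip(padded[i:i + BLOCK], prev))
        prev = _toy_block_encrypt(key, mixed)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    """Decrypt each block, then XOR with the previous ciphertext block (IV first)."""
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        p = _toy_block_decrypt(key, c)
        out.append(bytes(a ^ b for a, b in zip(p, prev)))
        prev = c
    return pkcs7_unpad(b"".join(out))


def blocks_changed(key, iv, pt_a, pt_b):
    """Count ciphertext blocks that differ between two equal-length plaintexts."""
    ca, cb = cbc_encrypt(key, iv, pt_a), cbc_encrypt(key, iv, pt_b)
    return sum(1 for i in range(0, len(ca), BLOCK) if ca[i:i + BLOCK] != cb[i:i + BLOCK])


if __name__ == "__main__":
    key, iv = bytes(range(32)), bytes(16)  # constructed demo key and IV
    base = b"A" * 48
    print("round trip ok:", cbc_decrypt(key, iv, cbc_encrypt(key, iv, base)) == base)
    print("first block changed ->", blocks_changed(key, iv, base, b"B" + b"A" * 47), "blocks differ")
    print("last block changed  ->", blocks_changed(key, iv, base, b"A" * 47 + b"B"), "blocks differ")
```

A change in the first plaintext block propagates to all four ciphertext blocks (three data blocks plus the padding block), whereas a change in the last data block only affects itself and the padding block. That propagation is what the article means by the blocks being chained.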
After it has finished encrypting the files, GG Ransomware does not drop any kind of ransom note; it only adds its strange picture and appends the .GG file extension to the encrypted files, making them appear like the following:
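Because GG Ransomware leaves no note and only appends .GG to the file names, the extension is the most reliable indicator for scoping the damage. The following triage helper is an added example for this article (not the article's own code): it walks a constructed directory listing, recognises the renaming pattern the text describes (original name kept, .GG appended), tallies the impact by original extension, and calls out two things a responder wants to know early: whether local `.backup` files, which the article lists as a target, were hit too, and whether any encrypted files fall outside the published extension list. The sample paths are made up, and matching the marker case-insensitively is an assumption.

```python
"""Triage a file listing for GG Ransomware's renaming pattern.

Added example, not part of the original article. Assumes encrypted files keep
their name and gain an appended .GG extension (report.docx -> report.docx.GG).
The directory listing below is constructed."""
from collections import Counter

# Extensions the article lists as targeted by GG Ransomware.
TARGETED = {
    ".xls", ".doc", ".xlsx", ".docx", ".rtf", ".odt", ".pdf", ".psd", ".dwg",
    ".cdr", ".cd", ".mdb", ".1cd", ".dbf", ".sqlite", ".accdb", ".jpg", ".jpeg",
    ".tiff", ".zip", ".rar", ".7z", ".backup",
}
MARKER = ".gg"  # compared case-insensitively (assumption; the article writes .GG)

# Constructed listing of a hypothetical victim profile.
SAMPLE_LISTING = [
    r"C:\Users\victim\Documents\report.docx.GG",
    r"C:\Users\victim\Documents\budget.xlsx.GG",
    r"C:\Users\victim\Pictures\holiday.jpg.GG",
    r"C:\Users\victim\Backups\weekly.backup.GG",
    r"C:\Users\victim\Documents\notes.txt",       # not in the target list, untouched
    r"C:\Users\victim\Downloads\setup.exe",       # untouched
    r"C:\Users\victim\Desktop\wallpaper.bmp.GG",  # encrypted, but outside the published list
]


def split_encrypted(path):
    """Return (original_path, original_ext) if the file carries the marker, else None."""
    name = path.rsplit("\\", 1)[-1]
    if not name.lower().endswith(MARKER):
        return None
    original = path[: -len(MARKER)]
    orig_name = original.rsplit("\\", 1)[-1]
    dot = orig_name.rfind(".")
    ext = orig_name[dot:].lower() if dot > 0 else ""
    return original, ext


def triage(paths):
    """Summarise impact: counts by original extension, backups hit, surprises."""
    by_ext = Counter()
    unexpected = []
    original_names = []
    for p in paths:
        hit = split_encrypted(p)
        if hit is None:
            continue
        original, ext = hit
        by_ext[ext] += 1
        original_names.append(original)  # names survive even though contents do not
        if ext not in TARGETED:
            unexpected.append(p)
    return {
        "encrypted_total": sum(by_ext.values()),
        "by_extension": dict(by_ext),
        "backups_hit": by_ext[".backup"],
        "outside_published_list": unexpected,
        "original_names": original_names,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(f"encrypted files: {summary['encrypted_total']}")
    print(f"by extension:    {summary['by_extension']}")
    print(f"local backups hit: {summary['backups_hit']}")
    for p in summary["outside_published_list"]:
        print(f"outside published list: {p}")
```

The recovered original names are what you match against offline or cloud backups when restoring; the `backups_hit` count tells you up front whether the local backups the article mentions as a target are usable at all.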
Remove GG Ransomware and Restore Encrypted Files
For the removal of GG Ransomware to be effective, it is advisable to back up your encrypted files first and then remove the malware by following the removal instructions below. They are specifically designed to help you isolate GG Ransomware and remove it either manually or automatically. For maximum effectiveness, it is strongly advisable to remove this malware automatically with the aid of an advanced anti-malware program.
If you want to restore files that have been encrypted by this malware on your computer, do not panic. Even though you cannot restore them by paying the ransom, we have suggested alternative methods that work around direct decryption to help restore as many files as possible. The methods, located in step "2. Restore files encrypted by GG Ransomware" below, may not be 100% effective, but they are designed to help restore as many files as possible.