Remove GottaCry Ransomware

What is GottaCry ransomware? What does the GottaCry virus do? Can files encrypted by GottaCry ransomware be recovered?

GottaCry ransomware is a virus that pretends to be from the WannaCry ransomware family. In actuality, the virus does not encrypt files, but it might delete the Desktop of an infected computer system. The GottaCry ransomware does not seem to be a wiper. The cryptovirus drops a ransom note which, as usual, gives victims instructions on how they can allegedly restore their data. Even though GottaCry does not seem to encrypt files, it is ill-intended and can perform malicious actions other than encryption. If the virus gives a hacker remote access to the infected machine, expect all kinds of information to be leaked, locked and exploited. As the ransomware might delete the Desktop folder, try using a data recovery program to restore your files.

Threat Summary

Name: GottaCry
Type: Cryptovirus
Short Description: The cryptovirus encrypts files on your computer system.
Symptoms: The GottaCry ransomware will not encrypt your files but might delete everything found on the Desktop of a computer affected by it. A desktop wallpaper of devilish cat eyes is the trademark of the GottaCry virus.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

GottaCry Ransomware – How Did It Infect My PC and What Harm It Can Cause?

GottaCry ransomware might spread its infection via a payload dropper, which initiates the malicious script for this ransomware. The virus might also distribute its payload file on social media and file-sharing services. You can see the detection rate of the ransomware’s sample on the VirusTotal service below:

[Image: GottaCry detection on VirusTotal]

Freeware found on the Web can be presented as helpful while also hiding the malicious script for the virus. Read the tips for ransomware prevention from our forum.

GottaCry tries to make victims assume that it is related in some way to the WannaCry ransomware. The virus shows a ransom note featuring devilish cat eyes. This is the GUI that the ransomware loads on the Desktop of an infected computer:

[Image: GottaCry ransomware GUI]

The message in that GottaCry image says the following:

GottaCry Windows Decryptor 2019
Your computer has been encrypted
All your files were encrypted
If you turn off your computer, we will leak all your passwords and will delete your computer
All your desktop files were moved to my server until payment is done
All of your passwords were recovered into my servers.
Contact only on discord!
DISCORD: Russen#6061
50$ bitcoin or $70 PayPal
1HfdBrUDYZ1rCdQcgBt84Ja7JoYhHDqNcg

As seen from the message above, the ransom message promises an alleged recovery of encrypted data, although there is no such data present. It seems that the ransomware might still be in a development phase and might activate the encryption process at a later point in time.

GottaCry ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows system. All system files might fall under its control and there is no telling what harm will be caused.

The GottaCry ransomware could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

vssadmin.exe delete shadows /all /Quiet
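To watch for the shadow copy deletion command quoted above, the following added example (not part of the original article) scans process-creation records for it. The sample events, host names and parent process names are constructed for illustration, and the high/medium severity split is an assumption of this example.

```python
import re

# Constructed process-creation records: (time, host, parent image, command line).
SAMPLE_EVENTS = [
    ("2019-04-02T10:14:07Z", "WS-014", "explorer.exe",
     r"C:\Windows\System32\notepad.exe C:\Users\a\notes.txt"),
    ("2019-04-02T10:15:31Z", "WS-014", "invoice.exe",
     r"vssadmin.exe delete shadows /all /Quiet"),
    ("2019-04-02T10:15:40Z", "WS-022", "invoice.exe",
     r'cmd.exe /c "C:\Windows\System32\VSSADMIN.EXE Delete Shadows /Quiet /All"'),
    ("2019-04-02T11:02:00Z", "SRV-003", "mmc.exe",
     r"vssadmin list shadows"),
    ("2019-04-02T11:05:12Z", "SRV-003", "backup_agent.exe",
     r"vssadmin delete shadows /for=C: /oldest"),
]

def classify(cmdline):
    """Return details if cmdline runs 'vssadmin delete shadows', else None."""
    # Drop quotes and case so wrappers (cmd /c "...") and full paths normalise.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if re.split(r"[\\/]", tok)[-1] in ("vssadmin", "vssadmin.exe"):
            args = tokens[i + 1:]
            break
    else:
        return None
    if args[:2] != ["delete", "shadows"]:
        return None  # e.g. 'list shadows' is routine administration
    switches = {a.split("=")[0] for a in args[2:] if a.startswith("/")}
    wipe_all, quiet = "/all" in switches, "/quiet" in switches
    # Deleting every copy without a prompt is the pattern quoted above.
    return {"all": wipe_all, "quiet": quiet,
            "severity": "high" if wipe_all and quiet else "medium"}

def scan(events):
    """Return one alert dict per event that deletes shadow copies."""
    alerts = []
    for when, host, parent, cmdline in events:
        hit = classify(cmdline)
        if hit:
            alerts.append({"time": when, "host": host, "parent": parent, **hit})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The parent process in each alert is worth reviewing: a deletion launched by a backup agent is usually expected, while one launched by a program opened from an email attachment is not.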

If your computer was infected with this ransomware and some of your files were erased, read on to find out some ways in which you might potentially restore your files and remove the virus.

Remove GottaCry Ransomware

If your computer got infected with the GottaCry ransomware, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. Remove the ransomware by following the step-by-step instructions provided below.

Tsetso Mihailov


Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.
