Remove .guesswho Files Virus (Update September 2019)

Have your files been encrypted with the .guesswho extension? The .guesswho files virus is a new ransomware threat that is currently infecting users.

Update September 2019. The .guesswho ransomware is still present on the malware scene. Its infection rate seems to be spiking upward, so users should be extra careful when dealing with email attachments, as malspam continues to be a prevalent distribution method.

Threat Summary

Name: .guesswho File Virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts the user’s files and drops a ransom note with instructions.
Symptoms: Files are encrypted and have the .guesswho extension appended to them.
Distribution Method: Not Known

.Guess Who Ransomware – Infection (Update August 2019)

The .Guess Who Ransomware is still infecting new users as of August 2019. According to new user reports, the email addresses used for contacting the cybercriminals are grupposupp@protonmail.ch and grupposupp@airmail.cc, although there also seems to be a variant using mail@rapid2019.com and directreserve@airmail.cc. That may be a tactic by the cybercriminals to hide better from law enforcement, or to better detect which variant makes more sales.

Some of the names that different security tools use when they detect a Guesswho infection are the following:

  • Win32:Trojan-gen
  • Generic.Ransom.Rapid2.6E832924
  • A Variant Of Win32/Filecoder.Rapid.A
  • Trojan.Win32.DelShad.px

Most security tools detect the .Guess Who Ransomware, but not all of them stop the initial infection or try to remove it after the fact.

Guesswho Ransomware – More Information

Because of the email addresses provided by the cybercriminals behind the .guesswho files virus – rapidka@cock.li or notnepo@cock.lu – there may be a connection between this ransomware and Gefest Scarab ransomware. The latter used the mrpeterson@cock.li email. However, we cannot confirm that the ransomware viruses are related as we need further details.

What we know so far is that the ransomware utilizes the .guesswho extension which is appended to encrypted files. A victim of the ransomware who got in touch with us shared that the ransom note is called recovery.txt and says the following:

Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email – rapidka@cock.li or notnepo@cock.lu
and tell us your unique ID – ID-94PB343W
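
To scope an infection before backing up and cleaning, a responder can inventory the two indicators described above (the .guesswho extension and the recovery.txt note). The following is an added example, not code from the article or from any security vendor; the ID pattern, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

ENCRYPTED_EXT = ".guesswho"  # extension appended to encrypted files (from the article)
NOTE_NAME = "recovery.txt"   # ransom note file name (from the article)
# Assumption: ID shape generalised from the single sample in the note, ID-94PB343W.
ID_RE = re.compile(r"\bID-[A-Z0-9]{8}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def triage(root):
    """Walk root read-only and summarise .guesswho indicators found under it."""
    report = {"encrypted": [], "notes": [], "ids": set(), "contacts": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)  # notes are short; cap the read
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
                ids = ID_RE.findall(text)
                # The file name alone is common, so require a victim ID in the text.
                if ids:
                    report["notes"].append(path)
                    report["ids"].update(ids)
                    report["contacts"].update(EMAIL_RE.findall(text))
    return report


def build_sample_tree(root):
    """Constructed sample data: one encrypted file, one real note, two benign files."""
    note = ("Hello, dear friend!\nAll your files have been ENCRYPTED\n"
            "Write to our email - rapidka@cock.li or notnepo@cock.lu\n"
            "and tell us your unique ID - ID-94PB343W\n")
    os.makedirs(os.path.join(root, "docs"))
    for rel, body in (("docs/report.docx.guesswho", "x"), ("docs/recovery.txt", note),
                      ("recovery.txt", "how to restore my bike"), ("notes.txt", "ok")):
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The scan only reads files, so it can be run against a mounted copy of the affected disk; the list of encrypted paths doubles as the backup manifest.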

Guesswho Virus Removal

We will update this article once we know more about the virus and can provide a more detailed analysis. In the meantime, infected users can back up their encrypted files and remove the ransomware via an anti-malware program. Removing the ransomware is recommended, as it will stop the virus from spreading further and will also prevent the encryption of more files.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim