Remove Guster Ransomware and Restore .locked Files
THREAT REMOVAL

Remove Guster Ransomware and Restore .locked Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Guster and other threats.
Threats such as Guster may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you remove Guster ransomware effectively. Follow the ransomware removal instructions provided at the end of the article.

Guster is the name of a nasty ransomware that plays an audio file when it encrypts your data. Your files will become encrypted and receive the .locked extension when the encryption is done. Then, the Guster cryptovirus displays a ransom message with demands for payment. Read further to see what methods you can try to see if you can restore some of your data.

Threat Summary

NameGuster
TypeRansomware
Short DescriptionThe ransomware encrypts files on your computer and displays a ransom message afterward.
SymptomsThe ransomware will encrypt your files and put the .locked extension on all of them when the encryption process is set and done. You will then see a ransom note being put up and the following audio file will be played:
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Guster

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Guster.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Guster Ransomware – Distribution Tactics

Guster ransomware could be distributed via different tactics. The payload file that initiates the malicious script for the ransomware, which in turn infects your computer device has been spotted on the Web. You can check out the malware analysis of the VirusTotal service for that executable file of the Guster virus, from the screenshot down below:

Guster ransomware might additionally be distributing the same payload file on social media and file-sharing sites. A lot of freeware programs might be promoted as useful on the Web, but may be hiding the malicious script for the virus. Do not immediately open files you have downloaded, which come from suspicious sources like links or emails. Instead, you should scan them first. Perform a scan with a security tool and check the size and signatures of the files for anything that seems dubious. You should read the ransomware prevention tips from the topic in the forum.

Guster Ransomware – Technical Analysis

Guster is the name of a ransomware which is also a cryptovirus. It will encrypt files on your computer machine while appending the same extension to them afterward. It might be a HiddenTear variant.

Guster ransomware could make entries in the Windows Registry to achieve persistence. Those registry entries are usually designed in a way that will start the virus automatically with each launch of the Windows Operating System.

The ransom note will appear right after the encryption process completes. It is instantly distinguishable, because of the audio message that plays. The note states what the demands of the cybercriminals are for the ransom price, along with other instructions and demands for decrypting your files. You can preview the ransom note in the screenshot right here:

That ransom message reads the following:

All of your files (documents, videos, photos, musics, pdfs, etc) have been encrypted with a strong military cryptography.
The only way you have to get your files back to you, is paying a fee of 0.4 bitcoins, which worth something about 300,00 USD.
You can buy bitcoins in various sites all over the web, like localbitcoins.com and various others. If you try to delete me or something funny,
I SWEAR I’ll blow up your whole files and you’re never going to see it again.
It’s serious!
You have 48 hours to pay me these bitcoins or you’ll never get to see yours files again! You’re warned!

Follow these steps in order to get your files back:

1 – Go to a Bitcoin exchange site and buy exactly 0.4 BTCs
1.1 – You can take a look at some of these sort of sites here: https://www.bestbitcoinexchange.io
2 – Send an email with your ID to [email protected]
3 – Wait for a email-reply with more instructions
3.1 – It may take about 6-8 hours, if it takes more than that, send the email again. FAAAST!
3.2 – Remember! You have only 48 hours, so you better hurry up!
4 – After following all the steps (including email reply steps), you’ll get the PASSWORD to decryption.
5 – Type the password in the indicated field
6 – Click on ‘Decrypt!’
7 – It’s done. Your files will be decrypted!

Your ID: [Redacted] [Timer] Type the password here:

The virus does not actually delete any files, even if it threatens so in the ransom note.

The cyber crooks have put in that ransom note, the demanded price for decryption of your files. That price is 0,4 Bitcoins or approximately 360 US dollars. You should NOT in any circumstance pay the cybercriminals. Your files may not get recovered, and nobody can give you a guarantee for that. Also, giving money to these criminals will probably end up in supporting them and give them an even bigger incentive to create other ransomware or do more criminal acts.

As of now, there is no list of file extensions which the Guster ransomware seeks to encrypt. However, all files that get encrypted will receive the same extension appended to them, namely .locked.

The Guster cryptovirus is most likely going to delete the Shadow Volume Copies from any Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet

Continue to read and find out what kind of ways you can try to restore some of your data potentially.

Remove Guster Ransomware and Restore .locked Files

If your computer got infected with the Guster ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by Guster and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Guster.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Guster follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Guster files and objects
2. Find files created by Guster on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Guster

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...