GC47 ransomware has been recently detected by security researchers. In this article, we will report the impacts GC47 ransomware cause on the system, common ways of its distribution and prevention tips against the threat. For all victims, we have included a detailed removal guide with data recovery part.
GC47 Ransomware Features and Impact
GC47 ransomware is a crypto virus that penetrates computer system, modifies its settings and targets particular data. The analysis of GC47 ransomware code reveals it to be yet another Hidden Tear variant. The infection process starts once the malicious file GC47_Ransomeware.exe is running on the system. The threat is then likely to scan all local computer drives as well as all removable memory drives, shared drives and folders in searching for particular file types. In fact, GC47 ransomware has a predefined list of file extensions in its configuration settings and whenever it detects a match during the scanning process the encryption of the file is what follows. For the encryption, GC47 is most likely to use the AES encipher algorithm because it is as you already know a Hidden Tear based ransomware.
Hidden Tear project is an open source ransomware code created by malware researchers. It was first released for educational purposes, but it was not long until the first real malware based on its code has appeared on the web. Currently, we have reported several ongoing ransomware campaigns based on the code of Hidden Tear like Dangerous and MafiaWare.
Upon encryption, the GC47 ransomware appends the offensive extension .Fuck_You at the end of the original file names. Then all corrupted files become inaccessible and are no longer readable by the installed applications on the infected computer. Regarding the targeted data it is most likely that GC47 ransomware encrypts MS Office documents, images, videos, text files, archives and other commonly used file types.
According to extortionists, the solution is to send them 50 USD in BTC to their Bitcoin address and then contact them at [email protected]. Perhaps, they will send you decryption software and a key that will decrypt enciphered data.
This information becomes apparent from the ransom message they leave to all GC47 victims. It is included in a TXT file called READ_IT.txt and is probably dropped on the Desktop then displayed automatically on the screen. All that it reads is:
Fuck_You was Encrypt your File,
Send 50 USD BTC Address 14vY5z8fWzCj93YTwbGiLd6ansZNM32kC3
Then meet me,
my email [email protected]
Means of GC47 Ransomware Distribution
The malicious payloads of GC47 ransomware are possible to be part of spam email campaigns that contain suspicious URLs or attachments.
They could also be included in malvertising activities and presented to you in the form of banners, popups, new tab pages, links, and even video advertisements.
Suspicious links on social media posts and shares from compromised user profiles are also likely to be used as a mean of the GC47_Ransomeware.exe distribution.
Summary of GC47 Ransomware
| Name |
GC47 Ransomware |
| File Extension |
.Fuck_You |
| Ransom |
50 USD (0.04 BTC) |
| Easy Solution |
You can skip all steps and remove GC47 ransomware with the help of an anti-malware tool. |
| Manual Solution |
GC47 ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution |
Spam emails, malicious URLs, malicious attacments, exploit kits, freeware. |
GC47 Ransomware Removal
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
-
1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
-
1) Open My Computer/This PC
2) Windows 7
-
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
-
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
-
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely GC47 Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
-
1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
- 1) Use present backups
- 2) Use professional data recovery software
-
– Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
- 3) Using System Restore Point
-
– Hit WIN Key
– Select “Open System Restore” and follow the steps
- 4) Restore your personal files using File History
-
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
STEP VII: Preventive Security Measures
-
1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Backup regularly your data.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
