GC47 Ransomware Removal Steps and .Fuck_You Data Recovery

GC47 ransomware has been recently detected by security researchers. In this article, we will report the impacts GC47 ransomware cause on the system, common ways of its distribution and prevention tips against the threat. For all victims, we have included a detailed removal guide with data recovery part.

GC47 Ransomware Features and Impact

GC47 ransomware is a crypto virus that penetrates computer system, modifies its settings and targets particular data. The analysis of GC47 ransomware code reveals it to be yet another Hidden Tear variant. The infection process starts once the malicious file GC47_Ransomeware.exe is running on the system. The threat is then likely to scan all local computer drives as well as all removable memory drives, shared drives and folders in searching for particular file types. In fact, GC47 ransomware has a predefined list of file extensions in its configuration settings and whenever it detects a match during the scanning process the encryption of the file is what follows. For the encryption, GC47 is most likely to use the AES encipher algorithm because it is as you already know a Hidden Tear based ransomware.

Hidden Tear project is an open source ransomware code created by malware researchers. It was first released for educational purposes, but it was not long until the first real malware based on its code has appeared on the web. Currently, we have reported several ongoing ransomware campaigns based on the code of Hidden Tear like Dangerous and MafiaWare.

Upon encryption, the GC47 ransomware appends the offensive extension .Fuck_You at the end of the original file names. Then all corrupted files become inaccessible and are no longer readable by the installed applications on the infected computer. Regarding the targeted data it is most likely that GC47 ransomware encrypts MS Office documents, images, videos, text files, archives and other commonly used file types.

According to extortionists, the solution is to send them 50 USD in BTC to their Bitcoin address and then contact them at [email protected]. Perhaps, they will send you decryption software and a key that will decrypt enciphered data.

This information becomes apparent from the ransom message they leave to all GC47 victims. It is included in a TXT file called READ_IT.txt and is probably dropped on the Desktop then displayed automatically on the screen. All that it reads is:

Fuck_You was Encrypt your File,
Send 50 USD BTC Address 14vY5z8fWzCj93YTwbGiLd6ansZNM32kC3
Then meet me,
my email [email protected]

For all victims of GC47 ransomware: Nevertheless, if you want to avoid further cyber security issues, we advise you always to avoid contacting cyber criminals. The instructions below will guide you through a consistent and reliable removal process. Once you are sure that the threat is no longer infecting your computer, make a backup of all encrypted files (although the malicious extension they are secure) and go back to Step VI where you will find data recovery approaches. Last but not least, we are here to help you in a safe manner, and you contact us every time you have any questions.

Means of GC47 Ransomware Distribution

The malicious payloads of GC47 ransomware are possible to be part of spam email campaigns that contain suspicious URLs or attachments.

They could also be included in malvertising activities and presented to you in the form of banners, popups, new tab pages, links, and even video advertisements.

Suspicious links on social media posts and shares from compromised user profiles are also likely to be used as a mean of the GC47_Ransomeware.exe distribution.

Summary of GC47 Ransomware

 


Name
GC47 Ransomware

File Extension
.Fuck_You

Ransom
50 USD (0.04 BTC)

Easy Solution
You can skip all steps and remove GC47 ransomware with the help of an anti-malware tool.

Manual Solution
GC47 ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
Spam emails, malicious URLs, malicious attacments, exploit kits, freeware.

GC47 Ransomware Removal

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely GC47 Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of GC47 requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete GC47 ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Use professional data recovery software

      Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps


restore-files-using-system-restore-point

    4) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

How disturbing is this problem?

Gergana Ivanova

Author : Gergana Ivanova

Gergana Ivanova is computer security enthusiast who enjoys presenting the latest issues related to cyber security.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *