Remove GetCrypt

May 23, 2019

What is GetCrypt

GetCrypt ransomware is a cryptovirus that was first spotted in the wild by security researchers from nao_sec in May 2019. The malware does not seem to have any connection to existing ransomware families and is a standalone project by unknown hackers. Despite it being a new virus, researchers have already developed a decryption tool that can be used to recover data for free.

Once inside, GetCrypt ransomware locates pictures, music, databases, documents, etc., and employs RSA-4096 + Salsa20 encryption ciphers to lock them up, while also appending a file extension that consists of four random characters, for example .GTUN, .RBRS, and similar.

From that point on, users cannot access their personal data, and they will also notice a # DECRYPT MY FILES #.Txt ransom note placed into each of the affected folders. The message from the threat actors behind the GetCrypt virus states that victims need to write an email to GETCRYPT@COCK.LI for further instructions and the decryptor price.

Nevertheless, as previously stated, the virus is decryptable. Therefore, if you got infected and your data is locked, remove GetCrypt ransomware, and then decrypt your files for free.

GetCrypt virus is being distributed via Popcash malvertising campaigns that redirect users to malicious sites which host the RIG exploit kit. The latter was developed in 2016 and was used for the circulation of a variety of malware, including Locky, GandCrab, Cerber, Spora, Ramnit, Princess, and others. Nevertheless, it does not mean that other tactics cannot be employed by hackers, such as:

Spam emails; Fake updates; Brute-forcing; Web injects; Pirated software or its cracks, etc.

Before GetCrypt ransomware starts the encryption process, it changes the way Windows operates by modifying, deleting, or creating items in areas such as the registry, boot settings, services, processes, shadow volume copies, etc. Additionally, researchers noticed that the malware exits without executing any tasks if the computer language is set to Russian, Ukrainian, Belarusian, or Kazakh.

All the data becomes inaccessible after GetCrypt ransomware appends the extension to the files. For example, instead of seeing a regular picture.jpg format, victims will see picture.jpg.GHPY, or similar. After the encryption, the ransom note # DECRYPT MY FILES #.Txt explains to victims what to do next:

After the system modification and file encryption process, GetCrypt ransomware tries to spread laterally and encrypt files located on the network by using the WNetEnumResourceW function. In case it does not succeed, the malware will try to brute-force its way in with the help of a predetermined list of usernames and passwords, such as “123,” “111,” “admin,” “Guest,” and similar.

For GetCrypt ransomware removal, users should employ a reputable security application which can recognize the threat as Ransom.GetCrypt, Trojan:Win32/Occamy.C, Malware@#3ttqjf9a6qhwv, TROJ_FRS.0NZ900EL19, Trojan.Multi.Generic.4!C, etc. Once elimination is completed, experts recommend scanning the device with repair software such as to recover from GetCrypt virus damage.

How does GetCrypt work

Exploit kits are sophisticated sets of tools designed to exploit vulnerabilities in the system and deliver a malicious payload. This technique is often paired with redirects that come from infections such as adware or from JavaScript on a malicious/hacked website.

Once the user is redirected, the exploit kit is capable of scanning the device and looking for security flaws. If successful, the malware is installed automatically, without any type of user interaction. However, those who patch their systems, along with the installed software, on time render the exploitation useless, even if the malicious domain is reached via the redirect.

Install a powerful security application; Enable the firewall; Back up the files located on the local HDD; Stay away from spam email attachments and suspicious hyperlinks; Enable two-factor authentication and use a password manager for all accounts; Enable an ad-blocker; Do not attempt to download cracks or pirated software.

How to delete GetCrypt

Before you proceed to the file recovery procedure, you need to make sure GetCrypt ransomware removal is executed correctly; otherwise, all the retrieved data would be encrypted again. For that, you should access Safe Mode with Networking, which would temporarily disable the operation of the virus (we provide the instructions on how to enter it below).

Once you remove GetCrypt virus completely, you should then connect your backups and copy all the files over. In most cases, those who have no backups are destined to lose their data forever, especially if Shadow Volumes were deleted by the malware successfully. Luckily, Emsisoft decrypter is available for GetCrypt ransomware decryption, so download the software and run it to retrieve your pictures, documents, databases and other files for free. If the tool does not work for you, try third-party software as explained below.
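To scope recovery before running the decrypter or restoring backups, the script below inventories affected folders using the two indicators described earlier: the # DECRYPT MY FILES #.Txt note and the four-character appended extension. It is an added example, not code from the original article or from any vendor tool; the function names, the regular expression, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "# decrypt my files #.txt"  # note name from the article, lower-cased for comparison
# Assumption: the appended extension is four uppercase ASCII letters stacked on the
# original one, as in the article's examples (.GTUN, .RBRS, picture.jpg.GHPY).
ENCRYPTED_RE = re.compile(r"^.+\.[^.]+\.([A-Z]{4})$")


def scan_tree(root):
    """Return {folder: [locked file names]} for every folder that holds the ransom note."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        # The note is dropped into each affected folder; requiring it avoids flagging
        # legitimate names such as live.set.FLAC in untouched folders.
        if not any(name.lower() == NOTE_NAME for name in files):
            continue
        hits[Path(dirpath)] = sorted(n for n in files if ENCRYPTED_RE.match(n))
    return hits


def suffix_counts(hits):
    """Count appended suffixes across all affected folders; outliers are likely false positives."""
    return Counter(ENCRYPTED_RE.match(n).group(1) for names in hits.values() for n in names)


def build_sample_tree(root):
    """Create constructed sample data: two affected folders and one clean folder."""
    layout = {
        "Pictures": ["picture.jpg.GHPY", "scan.png.GHPY", "# DECRYPT MY FILES #.Txt"],
        "Documents/Work": ["budget.xlsx.GHPY", "notes.txt", "# DECRYPT MY FILES #.Txt"],
        "Music": ["song.mp3", "live.set.FLAC"],  # no note here, so nothing is reported
    }
    for folder, names in layout.items():
        target = Path(root) / folder
        target.mkdir(parents=True)
        for name in names:
            (target / name).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits = scan_tree(build_sample_tree(tmp))
        for folder, names in sorted(hits.items()):
            print(f"{folder.relative_to(tmp)}: {len(names)} locked file(s)")
        print("suffixes:", suffix_counts(hits).most_common())
```

Point `scan_tree` at a user profile or share root on the cleaned machine; it only reads directory listings and never modifies files.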

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to GetCrypt. A lot of adware and other unwanted programs use browser extensions in order to hijack internet applications.

Remove GetCrypt Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for GetCrypt or anything related to it, and once you find it, press ‘Remove’.

Uninstall GetCrypt Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for GetCrypt or anything related to it, and once you find it, press ‘Remove’.

Delete GetCrypt Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for GetCrypt or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If GetCrypt.safariextz appears on the list, select it and press ‘Clear’.

Remove GetCrypt Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for GetCrypt or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that GetCrypt is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Program and Features window will open where you should be able to find the GetCrypt program.
  7. Select GetCrypt or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from GetCrypt

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to its default configuration. If you notice that even after getting rid of weird extensions the infection is still present, follow the instructions below.

Use Chrome Clean Up Tool to Delete GetCrypt

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect GetCrypt, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find GetCrypt in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox.
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.
