GetCrypt ransomware is a new malware that is being distributed through malvertising campaigns. Victims are first sent either a spam email or redirected to a malicious site. Malicious scripts on the site will try to exploit vulnerabilities on the user’s system. If it is successfully downloaded, the ransomware will immediately start scanning files on the user’s system. One interesting note is that if GetCrypt detects that the victim’s computer language is set to Ukrainian, Belarusian, Russian or Kazakh, the ransomware will terminate immediately. otherwise, the ransomware will start encrypting files on the infected computer. The virus will then create a ransom note named “# decrypt my files #.txt” and will demand that the user contacts “[email protected]” for payment instructions. GetCrypt also attempts to brute force attack the user’s network in an attempt to infect other computers.
Analyst Notes
A decrypter has already been released by researchers that will remove this particular infection. A user can download the free program by searching “decrypt_GetCrypt.exe.” Once downloaded the user must run the program and it will remove the infection. Users are also advised to regularly create a backup on an external drive so that you will always have a secure copy of files.
