'.guesswho File Extension' Ransomware

Posted: April 25, 2019

The '.guesswho File Extension' Ransomware is a file-locking Trojan: a Trojan that scans your PC for media files and blocks them with various encryption methods. Although there isn't a free decryptor for this threat, users should save their files by establishing appropriate backups. Standard operating procedure for guaranteeing your PC's safety requires having a dedicated anti-malware product uninstall the '.guesswho File Extension' Ransomware before starting any data recovery attempts.

Guess Who Else this Trojan Resembles

A file-locker Trojan whose campaign has some interesting connections to predecessors is out and attacking Windows victims. Although most of the evidence in the '.guesswho File Extension' Ransomware's attacks is tangential or circumstantial, it points toward an acting administrator who has some experience wielding this threat. This detail could translate into more competent phishing lures for infecting targets or access to black hat tools like password-cracking brute forcers.

The '.guesswho File Extension' Ransomware uses attacks that aren't too different from those of a bare-minimum build of Hidden Tear, or RaaS families like the Scarab Ransomware. First, it encrypts media files on your hard drives, including documents, photos, and other content that isn't a Windows component. Then, it tags them with the added extension from its name, purely for helping victims identify the newly non-working content. The last feature that malware experts confirm is a dropped ransom note, which is a copy-paste of the note from the campaign of the '.bRcrypT File Extension' Ransomware, a possible variant of the CrazyCrypt Ransomware.

However, the '.guesswho File Extension' Ransomware includes one other connection to another file-locking Trojan: the e-mail address in its instructions, which is the same as one from the Scarab-Gefest Ransomware. While malware experts find far too little evidence to call the '.guesswho File Extension' Ransomware a new version of the Scarab Ransomware, its author may be testing out the ransoming profits of different families.

Removing the Guessing Game from Protecting Your Work

Although the victims of the '.guesswho File Extension' Ransomware's attacks are limited, malware researchers recommend paying particularly close attention to some of the most highly-exploited infection vectors. File-locker Trojans may infect your PC after any of the following:

  • Opening e-mail attachments with outdated software, or enabling macros or other content that lets a drive-by-download occur.
  • Admins leaving their network or server's login vulnerable to brute-force attacks through unwise choices of passwords.
  • Illicit or fake downloads, such as pirated games and updates, obtained through torrents, corrupted advertisements, or unsecured freeware sites, any of which can include file-locker Trojans' installers.

Most anti-malware products should delete the '.guesswho File Extension' Ransomware appropriately. Note that while some sources do claim that the '.guesswho File Extension' Ransomware is a virus, malware experts find no evidence of its reproducing through that method – which injects the threat into other files.

The '.guesswho File Extension' Ransomware is a new problem for Windows users, but specifically for those who aren't using backup solutions to their fullest. Whatever you forget to do inevitably comes back around, sooner or later, even if the means of its doing so is via Trojans.
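As an added example (not from the original article or from any vendor tool): once the Trojan has been removed, a script like this can inventory the files carrying the added `.guesswho` extension and check which originals exist in a backup. It assumes the extension is appended after the original file name and that the backup tree mirrors the live tree's layout; `plan_restore`, `demo` and the sample paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".guesswho"  # extension the article says the Trojan adds


def plan_restore(infected_root, backup_root):
    """Map each marked file to its original relative path and check the backup.

    Returns {"restorable": [...], "missing": [...]} holding the original
    relative paths as sorted POSIX-style strings.
    """
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    plan = {"restorable": [], "missing": []}
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            # Match case-insensitively; skip a file named only ".guesswho".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            original = name[: -len(MARKER)]
            rel = (Path(dirpath) / original).relative_to(infected_root)
            backup_copy = backup_root / rel
            # A zero-byte backup copy is unusable, so count it as missing.
            ok = backup_copy.is_file() and backup_copy.stat().st_size > 0
            plan["restorable" if ok else "missing"].append(rel.as_posix())
    for bucket in plan.values():
        bucket.sort()
    return plan


def demo():
    """Build a constructed sample tree (no real samples) and plan a restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/report.docx.guesswho", "pics/cat.jpg.GUESSWHO",
                    "docs/notes.txt", "docs/budget.xlsx.guesswho"):
            p = live / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed placeholder bytes")
        for rel, data in (("docs/report.docx", b"original"),
                          ("docs/budget.xlsx", b"")):  # empty = unusable backup
            p = backup / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return plan_restore(live, backup)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

The "missing" list is the data that no backup currently covers, which is the gap the article's backup advice is meant to close.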