
Galacti-Crypter Ransomware

Posted: October 4, 2019

The Galacti-Crypter Ransomware, or RANWare, is a file-locker Trojan that blocks access to your files and holds them for ransom. The Galacti-Crypter Ransomware generates pop-ups with ransom demands, similarly to some Ransomware-as-a-Service families and independent Trojans, and sells the decryptor for Bitcoins. Users should keep their money and recover from backups, if they can do so, after quarantining or removing the Galacti-Crypter Ransomware with a competent anti-malware service.

Not Galaxy-Brained Programming Exactly

A supposedly galactic Trojan is in the first stages of its development, judging by the various error messages its payload currently outputs. While it's not as well-programmed as streamlined families such as the STOP Ransomware or the Scarab Ransomware, the Galacti-Crypter Ransomware poses similar problems: it uses encryption to lock content, and extortion after that. According to malware experts, however, patient users can find cheaper ways of recovering.

The Galacti-Crypter Ransomware, whose code refers to it as RANWare in some places, uses what malware researchers estimate to be a variant of RSA for encryption. This non-consensual conversion of files (documents, pictures, and other media) into encrypted data leaves them unopenable until they pass through a compatible decryptor. Fortunately, unlike most applications of RSA, the Galacti-Crypter Ransomware's version is not secure, and victims should be able to find free recovery assistance from experienced members of the cyber-security sector.

This massive oversight is likely due to the threat actor banking on the program's obfuscation rather than on its cryptography. Internally, it uses what it calls 'GalaxyLionObfuscator', which is, in fact, just a renamed copy of ConfuserEx, the free, open-source anti-analysis tool for .NET applications hosted on GitHub. Obfuscation makes the code harder for analysts to read, but it does nothing to strengthen a weak cipher. Without further updates, the Galacti-Crypter Ransomware represents a lesser danger to any victim's documents and other content, despite the ease of programming a secure AES and RSA combination (to cite one prominent example).
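One quick triage check, as an added example that is not part of the original write-up and not the Trojan's own code: a Python helper that scans a sample for the names quoted above and for the 'ConfusedByAttribute' watermark that stock ConfuserEx inserts into protected assemblies. The indicator list, the verdict labels and the sample bytes are assumptions constructed for this illustration, not published signatures, and a renamed build may well strip the watermark, so a miss proves nothing.

```python
# Added example: string-level triage of a .NET sample suspected of being
# ConfuserEx-protected under another name. The indicator list is an
# assumption built from names quoted on this page plus the watermark
# attribute stock ConfuserEx emits; it is not a vendor signature.
from typing import Dict, List

INDICATORS: List[str] = [
    "GalaxyLionObfuscator",   # internal name quoted on the page (assumed literal)
    "RANWare",                # name the code uses for itself (assumed literal)
    "ConfusedByAttribute",    # watermark type stock ConfuserEx adds to <Module>
    "ConfuserEx",             # value of that watermark, e.g. "ConfuserEx v1.0.0.0"
]


def find_indicators(data: bytes) -> Dict[str, List[str]]:
    """Return {indicator: [encodings found]} for every indicator present.

    .NET metadata stores type and member names as UTF-8 in the #Strings
    heap but user string literals as UTF-16LE in the #US heap, so a grep
    that only looks for ASCII bytes misses half of the evidence.
    """
    hits: Dict[str, List[str]] = {}
    for ind in INDICATORS:
        found: List[str] = []
        if ind.encode("utf-8") in data:
            found.append("utf-8")
        if ind.encode("utf-16-le") in data:
            found.append("utf-16-le")
        if found:
            hits[ind] = found
    return hits


def triage(data: bytes) -> str:
    """Assumed verdict labels: strongest evidence first."""
    hits = find_indicators(data)
    if "ConfusedByAttribute" in hits or "ConfuserEx" in hits:
        return "confuserex-watermark"
    if hits:
        return "renamed-obfuscator-strings"
    return "no-indicator"


def constructed_sample() -> bytes:
    """Constructed stand-in for a sample file; these are not malware bytes.

    Mimics a PE header start, a UTF-16LE user string and a UTF-8 type name.
    """
    return (b"MZ" + b"\x00" * 64
            + "GalaxyLionObfuscator".encode("utf-16-le") + b"\x00" * 16
            + b"RANWare" + b"\x00" * 16)


if __name__ == "__main__":
    sample = constructed_sample()
    print(find_indicators(sample))
    print(triage(sample))
```

Run it against a real file with `triage(open(path, "rb").read())`; because the scan is purely lexical, treat 'no-indicator' as "nothing found", never as "clean".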

Confused File Names in One Hand, and a Ransom Note in the Other

Symptoms of a Galacti-Crypter Ransomware infection include pop-ups that could cause it to be mistaken for similar threats, such as the Jigsaw Ransomware or the Crysis Ransomware. Like them, it uses graphical content to streamline the extortion process and pressure users into paying quickly, such as by starting a countdown. Paying, naturally, carries no certainty of unlocking anything.

Malware experts also note a slightly uncommon feature that ties into the Galacti-Crypter Ransomware's extortion efforts. The program doesn't add an extension to anything but overwrites filenames with semi-random characters. Obscuring which content it holds captive can provoke some victims into panicking, since it makes it that much harder to ascertain the extent of the data loss: the usual first step of counting files by their new extension yields nothing here. The ransom note also references this function with a warning against renaming the files.
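Because the names are overwritten and no extension is appended, the extent of the damage has to be judged from file contents rather than file names. The following Python script is an added example, not code from the original article or from the Trojan, of how a responder can do that: it walks a directory and flags files that are both header-less and statistically flat, which is how RSA- or AES-style ciphertext looks, while excusing formats whose bodies are compressed and therefore high-entropy when intact. The entropy threshold, the magic-byte list and the sample directory are assumptions constructed for this illustration.

```python
# Added example: content-based inventory of a directory after a file-locker
# that renames victims' files instead of tagging them with an extension.
# Thresholds and the sample tree are assumptions constructed for this
# illustration, not data taken from the Galacti-Crypter Ransomware.
import math
import os
import tempfile
from typing import Dict, List

# Headers of common formats whose bodies are compressed and therefore
# high-entropy even when intact; these must not be flagged on entropy alone.
KNOWN_MAGIC = (b"%PDF", b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"MZ", b"\x1f\x8b")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for ciphertext-like data
MIN_SIZE = 256            # below this, an entropy estimate is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    """True when the content has no recognised header and is statistically flat."""
    if len(data) < MIN_SIZE:
        return False
    if any(data.startswith(m) for m in KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def inventory(root: str) -> Dict[str, List[str]]:
    """Walk `root` and sort files by content, ignoring their (possibly
    overwritten) names. Returns {'suspect': [...], 'intact': [...]} with
    paths relative to `root`, each list sorted."""
    result: Dict[str, List[str]] = {"suspect": [], "intact": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            bucket = "suspect" if looks_encrypted(data) else "intact"
            result[bucket].append(os.path.relpath(path, root))
    for bucket in result:
        result[bucket].sort()
    return result


def build_sample_tree() -> str:
    """Constructed sample directory: a plain-text note, an intact PNG-like
    file with a compressed-looking body, and a renamed, header-less blob of
    random bytes standing in for a locked document. Returns the path."""
    root = tempfile.mkdtemp(prefix="inventory-demo-")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"quarterly figures, see attached\n" * 100)
    with open(os.path.join(root, "photo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + os.urandom(8192))
    with open(os.path.join(root, "q8v2zk1m"), "wb") as fh:   # semi-random name, no extension
        fh.write(os.urandom(8192))
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for bucket, names in inventory(tree).items():
        print(bucket, names)
```

Point `inventory()` at a copy of the affected volume, never at the originals, and treat the 'suspect' list as the working estimate of loss; small files and encrypted archives that kept a recognisable header will be under-counted, which is the price of not flagging every ZIP and JPEG on the disk.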

As with other Trojans that use harmful cryptography, malware experts find non-local, secure backups to be the best tools for recovering after attacks. Furthermore, suitable anti-malware products with well-maintained threat databases should eliminate the Galacti-Crypter Ransomware automatically, whether before or after installation.

The Galacti-Crypter Ransomware asks for a fraction of a Bitcoin that, unfortunately, converts into a significant amount of 'real world' money. Before you pay, stop and look around for free unlockers; you might end up saving more than your computer.
