Home Malware Programs Ransomware Galacti-Crypter Ransomware

Galacti-Crypter Ransomware

Posted: October 4, 2019

The Galacti-Crypter Ransomware or RANWare is a file-locker Trojan that blocks your media and holds it for ransom. The Galacti-Crypter Ransomware generates pop-ups with ransoming demands, similarly to some Ransomware-as-a-Service families and independent Trojans, and sells the decryptor for Bitcoins. Users should keep their money and recover with backups, if they can do so, after quarantining or removing the Galacti-Crypter Ransomware with a competent anti-malware service.

Not Galaxy-Brained Programming Exactly

A supposedly galactic Trojan is in the first stages of its development, judging by the various error messages its payloads are outputting currently. While it's not as well-programmed as some Trojans, such as the streamlined the STOP Ransomware or the Scarab Ransomware families, the Galacti-Crypter Ransomware offers similar problems. It uses encryption for locking content, and extortion after that. According to malware experts, however, users with patience can find cheaper ways of recovering.

The Galacti-Crypter Ransomware, whose code refers to it as RANWare, in some places, uses what malware researchers are estimating as a variant of RSA for encryption. This non-consensual conversion of files (documents, pictures, and other media) into encrypted data makes them non-opening until they go through a compatible decryptor. Fortunately, unlike most applications of RSA algorithms, the Galacti-Crypter Ransomware's version is non-secure, and victims should find free assistance for recovery among experienced members of the cyber-security sector.

The reason for this massive oversight is likely due to the threat actor's banking on the program's encryption. It uses what it refers to as 'GalaxyLionObfuscator' internally. This obfuscator is, in fact, just a renamed version of the free, GitHub ConfuserEx – an open-source, anti-analysis tool for .NET applications. Without any additional updates, the Galacti-Crypter Ransomware represents a lesser danger to any victim's documents and other content, despite the ease of programming a secure AES and RSA combination (for one, prominent example).

Confused File Names in One Hand, and a Ransom Note in the Other

Symptoms of the Galacti-Crypter Ransomware infections include pop-ups that may confuse it with similar threats, such as the Jigsaw Ransomware or the Crysis Ransomware. Like them, it uses graphically-oriented content for streamlining the extortion process and encouraging users into paying quickly, such as by initiating a countdown. Doing so, naturally, has no certainty of unlocking anything.

Malware experts also are outlining a slightly uncommon feature that ties into the Galacti-Crypter Ransomware's extortion efforts. The program doesn't add extensions to anything but will overwrite filenames with semi-random characters. Confusing the content that it has captive can provoke some victims into panicking, since it makes it that much more challenging to ascertain the extent of the data loss. The ransom note, also, references this function with a warning against renaming the files.

As with other Trojans that use harmful cryptography, malware experts find non-local and secure backups as the best tools for recovering after attacks. Furthermore, suitable anti-malware products with well-maintained threat databases should eliminate the Galacti-Crypter Ransomware automatically, whether before or after the installation.

The Galacti-Crypter Ransomware asks for a fraction of a Bitcoin that, unfortunately, converts into a significant amount of 'real world' money. Before you pay, stop and look around for free unlockers – you might end up saving more than your computer.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Galacti-Crypter Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.