How to delete Ggeo ransomware

Ggeo ransomware is file-encrypting malicious software that will encrypt your personal files and demand money in exchange for a decryptor. It’s one of the more recent versions of the Djvu/STOP ransomware. The cybercriminals operating this ransomware family release new versions on a regular basis. You can differentiate the versions by the extensions added to encrypted files. This particular one adds .ggeo, hence why it’s known as Ggeo ransomware. $980 is requested in ransom in exchange for a decryptor. But a Ggeo ransomware decryptor is not guaranteed, even if you pay because you’re dealing with cyber criminals who don’t always feel like they need to keep their end of the deal.


Ggeo ransomware note


Like other ransomware, Ggeo ransomware targets all personal files and immediately begins encrypting them after being initiated. Your photos, videos, images, documents, etc., will all be encrypted. You can recognize encrypted files right away since they will all have the .ggeo extension added to them. An image.jpg file, for example, would become image.jpg.ggeo. The encrypted files must first be decrypted in order for you to be able to open them. The _readme.txt ransom note, which is dropped in all folders that have encrypted files, provides instructions on how to obtain the decryptor. Unfortunately, the criminals behind this ransomware want $980 in exchange for the decryptor. We’re not sure how credible these claims are but the ransom note does mention a 50% discount for victims who contact the cyber criminals within the first 72 hours. Keep in mind that you are dealing with cybercriminals who probably won’t feel obligated to send you the decryptor even if you pay.

Unfortunately, those without backups do not presently have an option to decrypt files for free. Malware researchers do release free decryptors to help victims when they can, but not all ransomware is that simple to crack. The problem with Ggeo ransomware and other versions from this family is that they use online keys to encrypt files. This means the keys are unique to each victim. A free Ggeo ransomware decryptor is unlikely unless the developers of the malware release those keys. Although it’s worth a try, the free Djvu/STOP decryptor by Emsisoft is unlikely to decrypt files encrypted by the Ggeo ransomware.

Also worth noting is the prevalence of fake decryptors, particularly for the Djvu/STOP ransomware family. Users need to be very cautious and only download decryptors from reliable websites, such as NoMoreRansom and Emsisoft. It’s more likely that a decryptor you find on a questionable forum would infect your computer with malware than it would decrypt your files.

Users can access their backups and start recovering files as soon as they remove Ggeo ransomware from their computers. Ggeo ransomware is a very sophisticated malware that needs specialized tools to remove, hence it is advised to use anti-malware software to delete Ggeo ransomware from the computer.

How did ransomware get into your computer?

Users’ poor online habits frequently result in malware infections. If users click on advertisements while visiting dubious websites, open unsolicited email attachments without double-checking, download files via torrents, etc., they greatly increase their chances of infecting their computers with malware. Changing your habits can prevent many malware infections in the future.

It is common knowledge that downloading copyrighted content using torrents often leads to serious malware infections. Malicious actors can post torrents for movies, TV shows, video games, software, etc., with malware in them because torrent sites are frequently not well-moderated. Users unintentionally initiate the infection when they open a malicious torrent that they’ve downloaded.

Email attachments are among the most popular ways for people to download malware onto their systems. Malicious actors send emails with malicious attachments using email addresses they buy from various hacker forums. Malicious emails are often quite obvious to anyone who is aware that malware can be distributed via emails. One of the biggest giveaways is when senders claim to be from known companies but the emails contain many grammar/spelling mistakes. Legitimate emails rarely contain mistakes since they make emails look unprofessional. Another red flag is when senders who ought to know your name address you with generic words like “User”, “Member”, “Customer”, etc. Malicious actors are forced to use generic terms because they do not have access to personal information. Finally, it’s strongly recommended to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them to make sure they are safe to open.

Ggeo ransomware removal

Using anti-malware software to delete Ggeo ransomware is strongly recommended because ransomware is a complicated infection. Users should avoid trying to manually remove Ggeo ransomware since they run the risk of further causing damage to their computers. Unfortunately, files will not be decrypted just because you delete Ggeo ransomware. You would need a decryptor for that. As soon as you delete Ggeo ransomware, you can access your backup to start recovering files.

Ggeo ransomware is detected as:

  • Win32:PWSX-gen [Trj] by AVG/Avast
  • Trojan.GenericKDZ.89819 by BitDefender
  • Trojan.GenericKDZ.89819 (B) by Emsisoft
  • A Variant Of Win32/Kryptik.HQEB by ESET
  • Packed-GEE!AB517F17973F by McAfee
  • Trojan:Win32/Raccrypt.GN!MTB by Microsoft
  • HEUR:Trojan.Win32.Chapak.gen by Kaspersky
  • Trojan.MalPack by Malwarebytes
  • TROJ_GEN.R002C0PGG22 by TrendMicro


Ggeo ransomware detections