How to remove Geno ransomware


Geno ransomware is file-encrypting malware that belongs to the Djvu ransomware family. It encrypts files, adds the .geno extension to affected files, drops the _readme.txt ransom note and demands $980 for file decryption.


Geno ransomware comes from the Djvu malware family, which has released hundreds of ransomware versions, such as Boop, Vari and Maas. They are all more or less the same: they drop the same ransom note and demand the same sum of money for file decryption. This ransomware adds the .geno file extension to encrypted files, which is why it is named Geno ransomware. Once files are encrypted, users will be unable to open them. The cyber crooks behind this ransomware demand that victims pay $980 (or $490 if they make contact within 72 hours) to get the decryptor.

However, paying the ransom is often not recommended because it does not always lead to the desired outcome. Users should keep in mind that they are dealing with cyber criminals who are unlikely to care about whether victims recover files or not. There have been many cases in the past where victims were not sent a decryptor, even after paying. And even if a decryptor is sent, it will not necessarily work.

Unfortunately, while a free decryptor is available for many Djvu ransomware versions, this one cannot currently be decrypted. The only sure way to recover Geno ransomware encrypted files is to use a backup. If users backed up their files prior to infection, they need to remove Geno ransomware from their computers first and only then access the backup. If the malware is still present when the backup is accessed, the files in it may become encrypted as well.

Ransomware distribution

Ransomware is usually distributed via methods like spam email, torrents, software cracks, malicious ads, etc. Generally, if users have good browsing habits, they can avoid the majority of malware.

Spam email is a popular malware distribution method because it’s very low-effort. Cyber criminals purchase loads of email addresses from hacking forums and launch spam email campaigns using them. Those spam emails are fortunately very obvious. They have files attached to them, are sent from weird email addresses and they’re full of grammar and spelling mistakes. Users should be very careful with unsolicited emails with attached files and double-check before opening them. All attachments from emails should be scanned with anti-malware software or VirusTotal before they are opened.

Malware also spreads via torrents and software cracks. Torrents and forums advertising copyrighted content for free are often not regulated, thus it’s very easy to upload malware onto them and disguise it as some kind of popular movie or game. Pirating is not only essentially stealing content, it’s also potentially dangerous to the computer.

Finally, it should be mentioned that installing updates is very important. Updates patch known vulnerabilities which can be used by malware to infect a computer. If possible, automatic updates should be enabled.

What does Geno ransomware do?

Geno ransomware targets the files that are most important to users: videos, photos, documents, etc. They are encrypted and have the .geno file extension added to them. For example, image.jpg would become image.jpg.geno. Files with this extension cannot be opened until they are decrypted, and to decrypt them victims are told to pay, as explained in the _readme.txt ransom note. According to the note, which is identical to the one dropped by all other versions of this ransomware family, the decryption tool costs $980, or $490 if victims make contact within the first 72 hours.
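An added triage script (not part of this article and not a tool from the ransomware's analysts) that walks a directory tree, lists files carrying the .geno extension with the name each had before encryption, and flags _readme.txt notes that contain the contact addresses quoted in the Geno ransom note below. The sample directory it builds is constructed for the demonstration.

```python
# Added triage helper (not from the article): walks a directory tree and lists
# .geno files and _readme.txt ransom notes so an analyst can scope the infection.
import os
import tempfile
from pathlib import Path

GENO_EXT = ".geno"
NOTE_NAME = "_readme.txt"
# Contact addresses quoted in the Geno ransom note on this page.
NOTE_MARKERS = ("gorentos@bitmessage.ch", "gerentoshelp@firemail.cc")

def original_name(name: str) -> str:
    """image.jpg.geno -> image.jpg (the name the file had before encryption)."""
    return name[: -len(GENO_EXT)]

def is_geno_note(path: Path) -> bool:
    """True if the file is a _readme.txt that carries a known contact address."""
    if path.name != NOTE_NAME:
        return False
    text = path.read_text(errors="ignore")
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root: str) -> dict:
    """Return encrypted (path, original path) pairs and ransom-note paths under root."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if name.endswith(GENO_EXT):
                encrypted.append((str(p), str(p.with_name(original_name(name)))))
            elif is_geno_note(p):
                notes.append(str(p))
    return {"encrypted": encrypted, "notes": notes}

def build_sample(root: str) -> None:
    """Constructed sample tree mimicking a Geno infection (not real artefacts)."""
    pics = Path(root) / "Pictures"
    pics.mkdir()
    (pics / "image.jpg.geno").write_bytes(b"\x00" * 16)
    (pics / NOTE_NAME).write_text("ATTENTION!\n... gorentos@bitmessage.ch\n")
    (Path(root) / "clean.txt").write_text("not encrypted\n")

def demo_triage() -> dict:
    """Run the triage over the constructed sample and return its summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage(tmp)

if __name__ == "__main__":
    print(demo_triage())
```

Run it against a real user profile instead of the sample tree to see which folders were hit before restoring from backup.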

Here is the full Geno ransomware ransom note:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sTWdbjk1AY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gerentoshelp@firemail.cc

Your personal ID:

Paying the ransom is, as already mentioned, not recommended. There are no guarantees that a decryptor would be sent, thus victims face losing both their money and their files.

Unfortunately, there is no free Geno ransomware decryption method currently available. Malware researchers do release free decryptors to help victims, but that is not always possible. However, if a decryptor does become available, NoMoreRansom would likely have it.

Geno ransomware removal

In order to delete Geno ransomware, users need to use anti-malware software. Ransomware is a complex malware infection, so users who attempt manual removal without knowing what they are doing could end up causing even more damage.

Once users remove Geno ransomware, they can access their backup and start recovering files.

Geno ransomware is detected as:

  • A Variant Of Win32/Kryptik.HFUY by ESET
  • Trojan.GuLoader by Malwarebytes
  • Trojan.Win32.Zenpak.avcy by Kaspersky
  • Trojan:Win32/Ymacco.AAD3 by Microsoft
  • ML.Attribute.HighConfidence by Symantec