Ggew ransomware is file-encrypting malware. It is a variant of the notorious Djvu/STOP ransomware. New variants of this ransomware are regularly released by the cybercriminals who control it, often every few days. The ransomware versions are identifiable by the extensions added to encrypted files. Your files will have .ggew appended to them if your computer is infected with the Ggew ransomware. The hackers will offer to sell you the decryptor for $980. However, paying the ransom is not advised, because it does not ensure that a decryptor will actually be sent to you.
Ggew ransomware is one of the more recent Djvu/STOP ransomware versions. This malware begins encrypting your files as soon as it is launched. It primarily targets personal files, such as photos, videos, images, documents, etc. The extension added to encrypted files lets you know which files have been encrypted; in this case it adds .ggew. image.jpg, for example, would become image.jpg.ggew. Unfortunately, unless you first run a decryptor on them, you won’t be able to open any of these files. The _readme.txt ransom note provides instructions on how to obtain the decryptor.
The _readme.txt ransom note can be found in any folder that contains encrypted files. The note states that victims can buy a decryptor for $980. Users that get in touch with the cybercriminals within the first 72 hours are allegedly eligible for a 50% discount as well, but it’s unclear whether this is actually the case. Generally speaking, we do not advise purchasing a decryptor from malicious actors because there is no assurance that you will actually receive it. Keep in mind that you are dealing with cybercriminals, and nothing can stop them from taking your money without sending anything to you in return. Numerous victims have paid the ransom in the past but never received their decryptors.
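The two indicators described above, the appended .ggew extension and the _readme.txt note dropped in every folder with encrypted files, are enough to scope an infection before touching backups. The following Python script is an added example, not code from the page or from any vendor: it walks a directory tree, lists every .ggew file and the original name hidden under the extension, records which folders carry the note, and flags folders that hold encrypted files but no note (the page does not say this happens, so the check is an assumption kept for completeness). The sample tree it builds under a temporary directory is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".ggew"       # extension the page says Ggew appends to encrypted files
RANSOM_NOTE = "_readme.txt"   # ransom note name given on the page


def inventory(root):
    """Walk `root` and return a triage summary of Ggew indicators.

    Returns a dict with:
      encrypted    - sorted POSIX-style paths (relative to root) ending in .ggew
      originals    - mapping of each encrypted path to its original file name
      note_dirs    - sorted folders (relative to root) containing _readme.txt
      missing_note - folders holding encrypted files but no note (assumed edge case)
    """
    root = Path(root)
    encrypted = []
    originals = {}
    note_dirs = set()
    dirs_with_encrypted = set()

    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root).as_posix()
        for name in filenames:
            if name == RANSOM_NOTE:
                note_dirs.add(rel_dir)
            elif name.endswith(ENCRYPTED_EXT):
                rel_file = f"{rel_dir}/{name}" if rel_dir != "." else name
                encrypted.append(rel_file)
                # Strip the appended extension to recover the pre-encryption name.
                originals[rel_file] = name[: -len(ENCRYPTED_EXT)]
                dirs_with_encrypted.add(rel_dir)

    return {
        "encrypted": sorted(encrypted),
        "originals": originals,
        "note_dirs": sorted(note_dirs),
        "missing_note": sorted(dirs_with_encrypted - note_dirs),
    }


def build_sample_tree():
    """Create a constructed sample directory mimicking a Ggew-hit user profile."""
    root = Path(tempfile.mkdtemp(prefix="ggew_sample_"))
    layout = {
        "Pictures/image.jpg.ggew": b"\x00encrypted\x00",
        "Pictures/holiday.png.ggew": b"\x00encrypted\x00",
        "Pictures/_readme.txt": b"ATTENTION! sample note text (constructed)\n",
        "Documents/report.docx.ggew": b"\x00encrypted\x00",
        "Documents/notes.txt": b"untouched plain text\n",
        "Documents/_readme.txt": b"ATTENTION! sample note text (constructed)\n",
        "Downloads/setup.exe": b"MZ untouched binary",
        "Music/song.mp3.ggew": b"\x00encrypted\x00",   # encrypted folder with no note
    }
    for rel, data in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return str(root)


if __name__ == "__main__":
    # Replace build_sample_tree() with the real profile path when triaging a host.
    report = inventory(build_sample_tree())
    print(f"{len(report['encrypted'])} encrypted files")
    for path in report["encrypted"]:
        print(f"  {path}  (was {report['originals'][path]})")
    print("folders with ransom note:", report["note_dirs"])
    print("encrypted folders without a note:", report["missing_note"])
```

The inventory is read-only, so it is safe to run before removal; the `originals` map is what you compare against a backup catalogue to decide which files need restoring once the host has been cleaned.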
Users without backups will have a very difficult time recovering their files. Waiting for a free Ggew ransomware decryptor to become available is their only option. However, because this ransomware uses online keys to encrypt files, it will be challenging for malware researchers to develop a decryptor. Online encryption keys mean that each victim has a unique key. A free decryptor is not very likely until those keys are released by the cybercriminals behind this ransomware. Even if it’s unlikely to work in your situation, the free Djvu/STOP decryptor created by Emsisoft is still worth a try. There are numerous fake and even malicious free decryptors advertised on questionable forums, so you should exercise caution when searching for them.
How is ransomware distributed?
It’s no secret that torrent sites are often very poorly regulated, which means malware is very prevalent on them. Unaware users unintentionally infect their computers with malware when they download a torrent that contains it. Malware is more likely to be present in torrents for popular content, such as movies, TV shows, video games, software, etc. So it’s possible that this malware infected your computer if you use torrents to pirate copyrighted content.
You might also have opened a malicious email attachment, which would have allowed the ransomware to infect your computer. Ransomware is frequently downloaded by users through email attachments. As long as the attachment is not opened, the emails carrying malware aren’t dangerous in themselves. But the moment the file is opened, the infection spreads to the computer. Malicious emails are typically quite easy to identify. The biggest giveaways are spelling and grammar mistakes. It’s rather obvious that something is wrong when senders claim to represent legitimate companies but the emails are full of spelling and grammar errors. Additionally, pay attention to how the sender addresses you. Emails whose attachments are safe to open will address you by name. Malicious actors frequently don’t know users’ names, so they’re forced to use generic words like “User”, “Member”, “Customer”, etc. Because some malicious emails are more sophisticated, it’s a good idea to always scan email attachments with anti-virus software or VirusTotal before opening them.
Use anti-malware software to remove Ggew ransomware
Avoid trying to manually delete Ggew ransomware, because you risk damaging your computer even more. Ransomware is a very sophisticated infection that should be removed using professional software. If you attempt to remove Ggew ransomware manually, you might not be able to do it completely, which could allow the ransomware to recover later. If that happened while you were connected to your backup, your backup data would become encrypted as well. Delete Ggew ransomware with anti-malware software to avoid losing access to your files forever. You can safely access your backup once the ransomware has been completely removed from your computer.
Ggew ransomware is detected as:
- Win32:PWSX-gen [Trj] by Avast/AVG
- Trojan.GenericKD.40001842 by BitDefender
- Trojan.GenericKD.40001842 (B) by Emsisoft
- A Variant Of Win32/Kryptik.HQDZ by ESET
- RDN/Generic PWS.y by McAfee
- Trojan:Win32/Raccrypt.GM!MTB by Microsoft
- TrojanSpy.Win32.VIDAR.YXCGPZ by TrendMicro
- Trojan.MalPack.GS by Malwarebytes
- HEUR:Trojan.Win32.Scarsi.gen by Kaspersky