https://www.gdatasoftware.com/blog/2019/04/31643-garrantydecrypt-ransomware-spyhunter
blog article
G DATA analysts discovered a ransomware that poses as "Enigma SpyHunter5". SpyHunter is a "Malware Remediation Utility" by EnigmaSoft. The ransomware adopts the SpyHunter logo as its icon, uses the file name "SpyHunter5.exe", and carries file properties that point to SpyHunter as well. While it is common for malware to appeal to the user by presenting itself as a well-known program, this ransomware goes a step further and pretends that it was in fact the SpyHunter application that encrypted the system. The ransom message states "Our company SpyHunter is guaranteed to decrypt your files. Creating and removing viruses is our vocation".

The ransomware is a variant of the GarrantyDecrypt family. We found the first mention of it in October 2018 by Michael Gillespie on Twitter.

Most ransomware families have a list of file extensions to search for personal documents, backups and images that they target for encryption. It is rather unusual that GarrantyDecrypt targets files regardless of their extension. That means it will also encrypt, e.g., executable files. It appends ".spyhunter" to encrypted files and places a ransom note named $HOWDECRYPT$.txt into affected folders.
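For incident triage, the two file-system traces named above (the ".spyhunter" suffix and the $HOWDECRYPT$.txt note) can be used to map which folders were hit and which original file types were encrypted. The script below is an added example, not code from the G DATA article; the function names, the case-insensitive matching and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".spyhunter"
RANSOM_NOTE = "$HOWDECRYPT$.txt"


def triage(root):
    """Walk root; return affected folders and a count of pre-encryption extensions."""
    folders, original_exts = {}, Counter()
    for dirpath, _dirs, filenames in os.walk(root):
        note, encrypted = False, []
        for name in filenames:
            lowered = name.lower()  # assumption: match case-insensitively (NTFS)
            if lowered == RANSOM_NOTE.lower():
                note = True
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(name)
                # Strip the appended suffix to recover the original file name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                original_exts[Path(original).suffix.lower() or "(none)"] += 1
        if note or encrypted:
            folders[dirpath] = {"note": note, "encrypted": sorted(encrypted)}
    return {"folders": folders, "original_extensions": original_exts}


def build_sample_tree(base):
    """Constructed sample data: empty files that mimic an affected directory tree."""
    layout = {
        "docs": ["report.docx.spyhunter", RANSOM_NOTE],
        "apps": ["setup.exe.spyhunter", "README.spyhunter", RANSOM_NOTE],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            Path(base, folder, name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for folder, info in sorted(report["folders"].items()):
            print(folder, "note" if info["note"] else "no note", info["encrypted"])
        # Executables show up here because targeting ignores the extension.
        print(dict(report["original_extensions"]))
```

A folder that contains encrypted files but no ransom note, or the reverse, is worth a closer look because it may mark where encryption was interrupted.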