C-Suite On Deck
Keep me plugged in with the best
Join thousands of your peers and receive our weekly newsletter with the latest news, industry events, customer insights, and market intelligence.
I agree to the
terms of service
PLEASE CORRECT THE FOLLOWING:
Please Enter Some Keywords
GarrantyDecrypt Ransomware poses as EnigmaSoft's SpyHunter
G DATA analysts discovered a ransomware that poses as "Enigma SpyHunter5". SpyHunter is a "Malware Remediation Utility" by EnigmaSoft. The ransomware adopts the logo of SpyHunter as its icon, the file name is "SpyHunter5.exe" and it uses file properties that hint to SpyHunter as well. While it is common for malware to appeal to the user by presenting itself like a well-known program, this ransomware goes a step further and pretends it was in fact the SpyHunter application which encrypted the system. The ransom message states "Our company SpyHunter is guaranteed to decrypt your files. Creating and removing viruses is our vocation". Ransomware is a variant of GarrantyDecrypt. The ransomware is a variant of the GarrantyDecrypt family. We found the first mention of it in October 2018 by Michael Gillespie on Twitter. Most ransomware families have a list of file extensions to search for personal documents, backups and images that they target for encryption. It is rather unusual that GarrantyDecrypt targets files regardless of their extension. That means it will also encrypt, e.g., executable files. It appends ".spyhunter" to encrypted files and places a ransom note named $HOWDECRYPT$.txt into affected folders.
I'm for real
Enter your email once to access all our information and resources.
(Your email address is required so we know you're a real person)
By downloading this content, you give permission for your contact information to be shared with the content provider who may contact you in regards to the content.