Remove GURAM ransomware
GURAM ransomware is a file-encrypting infection that essentially takes files hostage. It targets all personal files, encrypts them, and demands payment for their recovery. The ransomware can be identified by the extension it adds to encrypted files: .{victims’ IDs}.GURAM. Files that have this extension cannot be opened unless you first use a decryptor. However, obtaining a decryptor is not going to be easy, as the only ones who have it are the malicious actors operating this ransomware. They will offer you the decryptor for 10 LTC (around $1,100 at the time of writing). Paying the ransom is not recommended, because you are dealing with cybercriminals and there is no guarantee that a decryptor will be sent to you.
GURAM ransomware is a very dangerous type of malware infection because it targets personal files, and it’s not always possible to recover them. It primarily targets documents, photos, videos, images, etc., essentially all files users think of as important. As mentioned above, encrypted files will have a file extension added to them, specifically .{victims’ IDs}.GURAM. For example, 1.txt would become 1.txt.{victims’ IDs}.GURAM when encrypted by this ransomware. Files with that extension cannot be opened unless you first use a decryptor on them. The malicious actors explain how a decryptor may be obtained in the ransom note.
The ransomware drops a “README.txt” ransom note. The note is very brief and to the point. It explains that files have been encrypted and that paying 10 LTC (around $1,100 at the time of writing) is necessary to get a decryptor. Three wallet addresses are provided. The note claims that victims have 24 hours to send proof of payment. After 24 hours, the price goes up. A test decryption costs 1 LTC.
The README.txt ransom note is below:
Your files are encrypted. To decrypt files you need to pay 10 LTC = 1000 $
You need to send cryptocurrency 10 LTC=1000$ to the address
ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9
ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9
ltc1qdwectzwfhuap0q9xsqh7t433568py527vxvtq9
You have 24 hours to send proof of payment to payfast1000@onionmail.org
payfast2000@onionmail.org
If you need a test file. It will cost 1LTC=100 $
If 24 hours pass and you do not pay, the cost of restoring your files will cost $2000-10000
Paying the ransom is never recommended for several reasons. First of all, paying does not guarantee a decryptor. You should keep in mind that you are dealing with cybercriminals, and there is nothing to force them to send you the decryptor. They could easily take your money and not send anything in return. What’s more, victims who pay are essentially funding future criminal activities.
If you have a backup of your files, you can connect to your backup and start recovering your files. However, you first need to remove GURAM ransomware from your computer. Make sure to use an anti-malware program because ransomware is a very complicated infection. Manual GURAM ransomware removal could cause additional damage.
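The following Python script is an added example, not part of the original article or of any vendor tool. It inventories files renamed with the .{victims’ IDs}.GURAM pattern and README.txt files that open with the note's first sentence, so you know which files need restoring from backup. The ID format (one dot-free segment) and the sample directory tree are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumption: the victim ID is one dot-free segment between the original name
# and ".GURAM"; the page shows only the placeholder, not a real ID format.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.(?P<victim_id>[^.]+)\.GURAM$", re.I)
NOTE_MARKER = "your files are encrypted"  # opening words of the quoted note

def is_ransom_note(path):
    """True if the file starts like the README.txt note quoted on this page."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            return NOTE_MARKER in fh.read(4096).lower()
    except OSError:
        return False

def scan(root):
    """Return (encrypted [(path, original_name)], note paths, victim IDs)."""
    encrypted, notes, ids = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            m = ENCRYPTED_RE.match(name)
            if m:
                encrypted.append((full, m.group("original")))
                ids.add(m.group("victim_id"))
            elif name.lower() == "readme.txt" and is_ransom_note(full):
                notes.append(full)
    return sorted(encrypted), sorted(notes), ids

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one legitimate README."""
    sample = {
        "docs/1.txt.{SAMPLE-ID}.GURAM": "x",
        "docs/photo.jpg.{SAMPLE-ID}.GURAM": "x",
        "docs/README.txt": "Your files are encrypted. To decrypt files you need to pay",
        "project/README.txt": "Build instructions (a legitimate README)",
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, ids = scan(tmp)
        print(f"{len(enc)} encrypted, {len(notes)} note(s), IDs {sorted(ids)}")
```

To check a real system, call scan() on the folder you want to inventory; it only reads file names and the first 4 KB of each README.txt and changes nothing on disk.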
How is GURAM ransomware distributed?
There are various methods used by malicious actors to spread ransomware, including torrents, email attachments, and deceptive links or ads. Users with poor online habits are at greater risk of infection because they often engage in risky behaviors. Developing healthier online habits is an effective way to steer clear of malware infections. It’s also important to be aware of common malware distribution tactics.
Emails are a common method for malware distribution. These malicious emails are frequently disguised as parcel delivery notifications or order confirmations. To grab users’ attention, they often mention large sums of money or expensive purchases, creating a sense of urgency for users to open the attachments. However, identifying these malicious emails is not usually difficult. Typically, they have glaring grammar and spelling mistakes that legitimate emails do not have. Moreover, they usually address recipients with vague words like “User,” “Member,” or “Customer,” while legitimate companies use recipients’ names since they have access to personal information.
Targeted malicious emails can be harder to spot because they are significantly more sophisticated. These emails would mention the recipient’s name, be free of mistakes, and include information that would give the email credibility. Therefore, it’s always recommended to avoid opening unsolicited email attachments without first scanning them with an anti-virus program or using VirusTotal to check for malware.
Torrents also serve as a common method for malware distribution. It’s widely recognized that torrent sites can be dangerous due to their poor moderation, allowing malicious actors to upload torrents that may contain malware. Torrents for entertainment content, such as movies, TV shows, and video games, frequently have malware. If you regularly download copyrighted content from torrent sites, you’re not only stealing content but also jeopardizing your computer and data.
How to remove GURAM ransomware
Ransomware is a very complex infection, which is why you should use an anti-virus program to remove GURAM ransomware. Once the ransomware has been fully removed, you can safely connect to your backup and start file recovery. If the ransomware is still present on your computer when you connect to your backup, your backed-up files will become encrypted as well.
If you do not have a backup, your only option is to wait for a free GURAM ransomware decryptor to be released. If it does get released, it will become available on NoMoreRansom.