What is Ransomware?
Ransomware is a type of malicious software that encrypts an individual's files and restricts access to them. The cybercriminal behind the ransomware then demands a ransom from the victim, promising to restore access to the data once payment is made. The ransom can range from a few hundred dollars to thousands, typically payable to the cybercriminals in Bitcoin.
About Geqp9 Ransomware
Geqp9 Ransomware is a malicious software that encrypts all the files on a computer until the user pays a ransom. Geqp9 Ransomware drops a file named uKz4_HOW_TO_DECRYPT.txt containing the ransom note.
Geqp9 Ransomware is delivered as a Win32 EXE file. Files encrypted by Geqp9 Ransomware will have the .Geqp9 extension appended to the end of the file name. Geqp9 also makes excessive use of command-line tools to alter registry or file data. The Geqp9 Ransomware may sleep (evasive loops) to hinder dynamic analysis.
Geqp9 Ransomware has also been spotted inside the following files and processes: xxx.exe
Geqp9 Ransomware Capabilities
- Creates a process in suspended mode
- Queries the volume information of a device
- Queries a list of all running processes
- Disables Windows Defender real-time protection (via the registry)
- Monitors window changes
- Contains dummy code loops, likely intended to delay forensic analysis
- Uses command-line tools excessively to alter registry or file data
- Uses reg.exe to modify the Windows registry
- Uses net.exe to stop services
- May sleep to hinder dynamic analysis
- May encrypt documents and pictures
- Enumerates the file system
- Creates files inside the program directory
How to remove Ransomware?
If you want to remove ransomware, the first thing you should do is make sure that you have all the necessary tools and files on your computer. If you have a backup of your files, it's also a good idea to have it ready.
You should also be sure that your anti-malware software is up to date and running on all your devices. A good anti-malware program will scan your computer for any malicious programs that have been installed and attempt to remove them.
If you have already been infected with ransomware and the anti-malware app cannot remove it, try checking online to see if there is a decryptor available for the specific infection.
How to protect from Geqp9 Ransomware?
There are a few things that you can do to protect yourself from ransomware. The first is to make sure that your anti-malware software is up to date, and also that your computer's operating system, software and all your devices are up to date as well. You can also install firewalls on your device to filter incoming connections, and make sure all your devices are connected through a single internet connection.