Emsisoft | Cybersecurity Blog

Emsisoft releases free decryptor for GalactiCrypter ransomware

GalactiCrypter Decryptor

We just released a new free decryption tool for the GalactiCrypter ransomware strain.

If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included.

Emsisoft Decryptor for GalactiCrypter

Technical details

GalactiCrypter is a strain of ransomware that uses AES-256 to encrypt a victim’s files. It was first distributed in 2016 but continues to be in circulation in 2019.

Encrypted files are prepended with the following string of characters: “ENCx45cR”. The ransomware instructs victims to pay 0.2 Bitcoin if they wish to receive a decryption code, which will restore access to their encrypted files. Under no circumstances should you pay the ransom.
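To list affected files before running the decryptor, the marker above can be used for a read-only inventory. This is an added example, not Emsisoft's code: the article does not say whether the marker is prepended to the file name or to the file data, so the sketch checks both (an assumption), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile

MARKER = "ENCx45cR"  # marker string quoted in the article

def find_marked_files(root):
    """Return sorted (path, where, size) for files carrying the marker.

    where is "name", "content" or "name+content"; checking both places is an
    assumption, since the article does not say which one the marker occupies.
    Files are only read, never modified or renamed.
    """
    marker_bytes = MARKER.encode("ascii")
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the scanned tree
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    head = fh.read(len(marker_bytes))
            except OSError:
                size, head = None, b""  # locked or unreadable: judge by name only
            where = []
            if name.startswith(MARKER):
                where.append("name")
            if head == marker_bytes:
                where.append("content")
            if where:
                hits.append((path, "+".join(where), size))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: two unmarked files and one of each marked kind."""
    files = {
        "notes.txt": b"plain text",
        "ENCx45cRphoto.jpg": b"\x00\x01constructed bytes",
        os.path.join("sub", "report.doc"): b"ENCx45cR" + b"\x00" * 16,
        os.path.join("sub", "clean.bin"): b"\x00ENCx45cR",  # marker not at offset 0
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, where, size in find_marked_files(tmp):
            print(f"{where:8} {size!s:>8} {os.path.relpath(path, tmp)}")
```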

Main GalactiCrypter UI

GalactiCrypter – When you press the “View Secured Files” button

GalactiCrypter – When you press the “Make Payment” button

GalactiCrypter – When you press the “Unlock Files” button

The ransomware also displays a ransom screen that contains the following text:

READ:

IT IS VERY IMPORTANT THAT YOU DO NOT RENAME ANY FILES THAT WERE ENCRYPTED! THIS WILL LEAD TO THAT FILE BEING RE-ENCRYPTED AND THEN WILL BE LOST FOREVER!

Your important files on this computer were encrypted using a public RSA-2048 key, generated for this computer (photos, videos, documents, ect… Click the View Secured Files button to view all of your encrypted files).

Getting rid of this tool will NOT help. You will need this tool to DECRYPT and get access to your files again.

Your private decryption key has been created and stored on a secure and anonymous server. This key will allow you to decrypt all your files. This key is somewhere in the internet, and if payment is not made in the required time, it will be erased off the server permanently, and ALL your files will be permanently lost.

To obtain your private key for this computer, you will need to pay 150.00 USD / 150.00 EUR BitCoin. This is equal to 0.2 Bitcoin that must be paid to decrypt and regain access to all your files.

ANY attempts to remove, tamper or damage this software WILL lead to immediate termination of the private key and ALL your files will be permanently LOST.

Your time remaining is indicated on the left.

If you are ready to make the payment, please click the button below.

Successful decryption of GalactiCrypter