Geometrical Ransomware is malicious software that encrypts a victim's files, rendering them inaccessible until a ransom is paid to the attackers. It is part of a growing trend of cyber threats targeting individuals and organizations and causing significant financial and data loss. Understanding how Geometrical Ransomware operates, what it does to an infected system, and how to remove it is essential for maintaining security.
Actions and Consequences of Geometrical Ransomware
Geometrical Ransomware typically infiltrates systems through phishing emails, malicious downloads, or exploiting software vulnerabilities. Once inside, it executes the following actions:
- Encryption: The ransomware scans the system for common file types (e.g., documents, images, videos) and encrypts them. The ransom note claims a "military-grade" algorithm; the actual cipher and key length are not identified in the note.
- Ransom Note: After encryption, it drops a ransom note, usually in a text file, informing the victim of the encryption and demanding a ransom payment in cryptocurrency, typically Bitcoin, for the decryption key.
- Modification of System Settings: It may alter system settings to prevent recovery methods, such as disabling system restore points and shadow copies.
- Persistence: Some variants of Geometrical Ransomware may install backdoors to maintain access to the compromised system, even after the ransom is paid.
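The first two actions above (a burst of encrypted files and a dropped ransom note) and the deletion of shadow copies are all observable from the host. The following PowerShell triage script is an added example, not code from the original article or from the malware; it searches for the note using strings taken verbatim from the note quoted below, summarizes which file extensions were written in the last 24 hours, and checks whether Volume Shadow Copies survived. The search roots and the look-back window are assumptions you can adjust; run it from an elevated prompt so the shadow-copy query works.

```powershell
# Added triage example (not from the original article): hunt for the Geometrical ransom note,
# look for the write burst that encryption leaves behind, and check Volume Shadow Copies.
# Run from an elevated PowerShell prompt on the suspect host.

# Distinctive strings copied verbatim from the ransom note (misspellings included on purpose).
$NoteMarkers = @(
    'geometrical ransomeware',
    'geometrical@geometrical.ransome.kr',
    'make smile'
)

# Assumptions: the note lands somewhere under the user's profile or the Public folder,
# and the encryption run happened within the last day.
$SearchRoots   = @($env:USERPROFILE, $env:PUBLIC)
$LookBackHours = 24

# 1. Ransom note candidates: small text-like files containing any of the markers.
$Notes = Get-ChildItem -Path $SearchRoots -Recurse -File -Include *.txt,*.html,*.hta -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -lt 64KB } |
    Select-String -Pattern $NoteMarkers -SimpleMatch -List |
    Select-Object Path, LineNumber, Line

if ($Notes) {
    Write-Host "Ransom note candidates:" -ForegroundColor Yellow
    $Notes | Format-Table -AutoSize
} else {
    Write-Host "No ransom note markers found under $($SearchRoots -join ', ')"
}

# 2. Encryption shows up as many files written in a short window. Group recent writes by
#    extension so an unfamiliar appended extension, or a spike in one type, stands out.
$Since = (Get-Date).AddHours(-$LookBackHours)
Write-Host "Files modified since $Since, by extension:"
Get-ChildItem -Path $SearchRoots -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Since } |
    Group-Object Extension |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize

# 3. Shadow copies: the ransomware may delete them to block recovery. Win32_ShadowCopy
#    requires administrator rights; an empty result on a host that had them is itself an indicator.
$Shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
if ($Shadows) {
    Write-Host "Shadow copies present: $($Shadows.Count)"
    $Shadows | Select-Object ID, InstallDate, VolumeName | Format-Table -AutoSize
} else {
    Write-Host "No shadow copies found (deleted by the ransomware, or never configured)" -ForegroundColor Yellow
}
```

The script only reads; it changes nothing on the host, so it is safe to run before the removal steps below and its output (note path, affected extensions, shadow-copy state) is worth saving as part of the incident record.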
The ransom note, translated here from the original Korean (the note mixes Korean and English; its English lines are reproduced as written), reads:
‘geometrical ransomeware. v1
Geometrical ransomware. v1
made by j.d.h.
opps! All of your files have been encrypted.
The only way to recover your files from the military-grade algorithm is to purchase the recovery key.
You must send $300.
Your decoding key is 1736-29467-28ke-dj72; enter it for verification, after which you can purchase the decryption key.
Do not delete the virus file or turn on your antivirus.
If the antivirus updates and the virus is deleted automatically, recovery is impossible even if you have paid. The amount you must pay doubles with each passing day, and 100 files are deleted every day.
Contact: geometrical@geometrical.ransome.kr
Why so serious?
Smile a little
make smile.’
Detection Names for Geometrical Ransomware
Different security vendors label Geometrical Ransomware under different names. Representative detection names include:
- Ransom:Win32/Geometrical
- Trojan.Cryptolocker.Geometrical
- W32/GeometricalCrypt
- Ransomware.Geometrical
Similar Threats
Geometrical Ransomware shares characteristics with other well-known ransomware strains, such as:
- WannaCry: Worm-style ransomware from 2017 that spread by exploiting an SMBv1 vulnerability (MS17-010, the EternalBlue exploit).
- CryptoLocker: An early (2013) and widely spread crypto-ransomware that popularized Bitcoin ransom demands and public-key encryption of victims' files.
- Petya: Overwrites the master boot record (MBR) with its own bootloader and encrypts the NTFS master file table, rendering the entire system inaccessible at boot.
Removal Guide for Geometrical Ransomware
Removing Geometrical Ransomware involves several steps. It is crucial to follow these carefully to ensure complete eradication and recovery of your data.
Step 1: Isolate the Infected System
Disconnect the infected system from the network (unplug Ethernet, disable Wi-Fi) to stop the ransomware from reaching mapped drives, file shares, and cloud-sync folders on other devices. Before going further, keep a copy of the ransom note and of at least one encrypted file; they are needed to identify the strain and to test any decryptor later.
Step 2: Enter Safe Mode
Restart your computer and boot into Safe Mode to limit the ransomware’s ability to launch automatically.
Step 3: Identify and Terminate Malicious Processes
- Press Ctrl + Shift + Esc to open Task Manager.
- Look for suspicious processes related to Geometrical Ransomware: random or misspelled names, executables running from %AppData%, %LocalAppData%, %ProgramData%, or %Temp%, or unusual CPU and disk activity. Right-click a process and choose “Open file location” to see where it runs from.
- Right-click each such process and select “End Task.”
Step 4: Delete Ransomware Files
- Open File Explorer and navigate to the following directories:
%AppData%
%LocalAppData%
%ProgramData%
%Temp%
- Look for recently added suspicious files (sort by date created) and delete them. Use the file names and extensions referenced in the ransom note as a guide. If you intend to submit the sample to a vendor or a decryptor service, copy it to removable media or a quarantine folder first; some decryptors need the original binary to identify the strain.
Step 5: Remove Malicious Registry Entries
- Press Win + R, type regedit, and press Enter to open the Registry Editor.
- Navigate to the following paths and look for entries created by the ransomware:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Also check the corresponding RunOnce keys and, on 64-bit Windows, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, which the same kind of persistence commonly uses.
- Delete any suspicious entries, particularly values whose command points into %AppData%, %ProgramData%, or %Temp%.
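Steps 3 to 5 can be done faster and more consistently from PowerShell. The script below is an added example, not part of the original guide; it only reports, so nothing is terminated or deleted until you have reviewed the output. It lists processes running from the four user-writable folders named in Step 4, recently created executables in those folders, and every Run-key value, flagging commands that point into those folders. The 48-hour window and the "user-writable" heuristic are assumptions; adjust them to the incident.

```powershell
# Added example (not part of the original guide): read-only PowerShell triage for Steps 3-5.
# Nothing is stopped or removed; review the output and act by hand.

$Hours = 48   # assumption: how far back a "recently added" file is

# The folders from Step 4. %Temp% normally sits under %LocalAppData%, so results are de-duplicated.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($dir in $UserWritable) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Step 3: running processes whose executable lives in a user-writable folder. Legitimate
# software normally runs from Program Files or Windows; a phishing-delivered dropper rarely does.
Write-Host "== Processes running from user-writable folders ==" -ForegroundColor Cyan
$Suspicious = foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if (-not $p.Path) { continue }   # protected/system processes expose no path
    if (Test-UserWritablePath $p.Path) {
        [pscustomobject]@{ Id = $p.Id; Name = $p.ProcessName; Path = $p.Path }
    }
}
if ($Suspicious) { $Suspicious | Format-Table -AutoSize } else { Write-Host "none" }

# Step 4: executables and scripts created recently in those folders, newest first.
Write-Host "== Executable files created in the last $Hours hours ==" -ForegroundColor Cyan
$Since = (Get-Date).AddHours(-$Hours)
Get-ChildItem -Path $UserWritable -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $Since -and $_.Extension -match '^\.(exe|dll|scr|bat|cmd|ps1|vbs|js|hta)$' } |
    Sort-Object FullName -Unique |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName |
    Format-Table -AutoSize

# Step 5: autostart values in the Run keys from the guide, plus RunOnce and the 32-bit view.
Write-Host "== Run-key autostart entries ==" -ForegroundColor Cyan
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$Entries = foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        $cmd = [string]$prop.Value
        # Heuristic flag: the command references a user-writable folder, literally or via %VAR%.
        $flag = (Test-UserWritablePath ([Environment]::ExpandEnvironmentVariables($cmd).Trim('"'))) -or
                ($cmd -match '(?i)AppData|ProgramData|\\Temp\\')
        [pscustomobject]@{ Flagged = $flag; Key = $key; Name = $prop.Name; Command = $cmd }
    }
}
$Entries | Sort-Object Flagged -Descending | Format-Table -AutoSize
```

Flagged Run-key entries and processes from user-writable folders are candidates, not verdicts; confirm each one (publisher signature, file hash, creation time matching the infection) before ending the process in Task Manager and deleting the file and registry value as the steps above describe. Run the script in Safe Mode as well as in a normal boot, since some persistence only appears in one of the two.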
Step 6: Restore Encrypted Files
If you have backups, restore your files from a clean backup taken before the infection, and only after the ransomware has been removed so the restored files are not encrypted again. If no backups are available, check whether a free decryptor has been published for this strain (the No More Ransom project at https://www.nomoreransom.org maintains a list) using the ransom note and an encrypted sample. Failing that, file recovery tools may retrieve original files that the ransomware deleted rather than overwrote, but success is not guaranteed.
Best Practices for Preventing Future Infections
- Regular Backups: Back up your data regularly to an external drive or cloud storage, keep at least one copy offline or immutable so a ransomware run on the network cannot reach it, and test restores periodically.
- Update Software: Keep your operating system, antivirus, and all software updated to protect against known vulnerabilities.
- Email Vigilance: Be cautious of unsolicited emails and do not open attachments or click on links from unknown sources.
- Use Strong Passwords: Use strong, unique passwords for all accounts, store them in a password manager, and change them when compromise is suspected.
- Enable Multi-Factor Authentication (MFA): Use MFA wherever possible to add an extra layer of security.
- Educate Users: Provide regular cybersecurity training to employees or family members to recognize and avoid potential threats.
By understanding and implementing these guidelines, you can significantly reduce the risk of Geometrical Ransomware and other similar threats, ensuring the safety and integrity of your data.