Gillette Ransomware

What is Gillette Ransomware?

If you cannot open your files, and you can see the “.GILLETTE” extension appended to them, there is no doubt that Gillette Ransomware is the culprit. This is a tremendously dangerous infection that can encrypt your files with the help of a complex algorithm. This algorithm is so strong that cracking it manually is not possible. While, in some cases, free decryptors are discovered and made public, this is not the case with this malicious threat. That means that once files are encrypted, you are at the mercy of the attackers. That is exactly what they want because if you believe that they are your only saving grace, you might start believing that you have to pay money to get your files back. Even though that is what the attackers want from you, we strongly recommend thinking long and hard about this “option.” Most likely, if you pay the ransom, you will not get whatever it is that the attackers are promising, and you will be left empty-handed. Unfortunately, if the infection attacked, it is most likely that you can do nothing more than to delete Gillette Ransomware. We discuss your removal options in this report.

How does Gillette Ransomware work?

Gillette Ransomware is very similar to the infections within the Rapid Ransomware family, and that is because this threat belongs to this family as well. Anti-Spyware-101.com research team cannot say how exactly this malware is spread, and that is because, most likely, different methods are applied. Of course, if you want to evade Gillette Ransomware and similar infections in the future, you want to make sure you do not open spam emails, refrain from visiting dubious websites, avoid unreliable installers, and, needless to say, patch all security vulnerabilities. If you are unable to secure your Windows operating system, the infection should slither in without your notice. Only if you are oblivious to the attack and fail to remove the launcher of the infection will it be able to perform the encryption of files successfully. It was also found that the threat creates a scheduled task that runs the infection at certain times. That suggests that even newly created or downloaded files could be at risk of encryption. This is why you need to delete the threat as soon as possible. Another scheduled task is less harmful, but very annoying as it ensures that a ransom note file is launched every minute.

“Decrypt DATA.txt” and “recovery.txt” are the names of the ransom note files that Gillette Ransomware creates. Both of them carry the same message inside. According to it, you stand a chance at recovering your personal files only if you email the attackers at gillette_help@mail.com or gillette-help@mail.com and then pay the ransom as instructed. The instructions regarding the payment are not included in the text file, which is what tricks users into contacting the attackers. First and foremost, if you do as told, your files will not be decrypted, and you will simply have wasted your money. Second, if you reveal your email address, the attackers could send you malware launchers and links to scam and phishing websites. They might even use the “decryption software” that you are promised in return for the ransom payment to trick you into executing other threats. Needless to say, we do not recommend communicating with the cyber criminals. Instead, you should focus on removing Gillette Ransomware.

How to delete Gillette Ransomware

If your files were hijacked by Gillette Ransomware, they are lost. The attackers want to convince you that not all is lost and that you can still recover them, but interact with them and follow their instructions at your own risk. Our research team strongly recommends against doing all that. Instead, you should figure out how to remove Gillette Ransomware and then secure your system to guarantee that other threats cannot attack and cause you more grief. As for the files, if they have backup copies, you are fine, but if they do not, start backing up your files because that is the best security system against malware, theft, and loss due to computer damage, for example. You can take care of security and the removal of the threat at once by implementing anti-malware software. After that, set up cloud storage or invest in an external drive to back up your personal files.

Removal Guide

  1. Tap Win+E to launch Explorer.
  2. Enter %WINDIR%\system32\Tasks into the field at the top.
  3. Delete the task named Encrypter and the folder named Encrypter with the EncrypterSt task inside.
  4. Enter %APPDATA% into the field at the top.
  5. Delete the ransom note file recovery.txt and an executable called info.exe.
  6. Tap Win+R to launch Run and enter regedit.exe into the box to launch Registry Editor.
  7. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  8. Delete the values named Encrypter_074 (points to info.exe) and userinfo (points to recovery.txt).
  9. Delete the ransom note file named Decrypt DATA.txt (could have copies).
  10. Empty Recycle Bin and then quickly run a full system scan using a legitimate malware scanner.
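
Before deleting anything by hand, the artifacts named in steps 2 to 9 can be listed with a read-only PowerShell check. This is an added example, not a tool from the original report; it runs as the affected user and assumes copies of the ransom note are searched for under that user's profile only.

```powershell
# Added example: read-only audit of the artifacts named in the removal guide.
# It reports what is present and deletes nothing.
$findings = @()

# Steps 2-3: scheduled tasks named Encrypter and EncrypterSt
$tasks = Get-ScheduledTask -TaskName 'Encrypter', 'EncrypterSt' -ErrorAction SilentlyContinue
foreach ($t in $tasks) {
    $findings += [pscustomobject]@{
        Type   = 'ScheduledTask'
        Item   = $t.TaskPath + $t.TaskName
        Detail = ($t.Actions.Execute -join '; ')   # program the task launches
    }
}

# Steps 4-5: recovery.txt and info.exe in %APPDATA%
foreach ($name in 'recovery.txt', 'info.exe') {
    $path = Join-Path $env:APPDATA $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = '' }
    }
}

# Steps 7-8: Run values Encrypter_074 and userinfo under HKCU
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in 'Encrypter_074', 'userinfo') {
    $prop = if ($run) { $run.PSObject.Properties[$name] }
    if ($prop) {
        # Detail shows what the value points to (info.exe / recovery.txt per the guide)
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = $prop.Value }
    }
}

# Step 9: copies of "Decrypt DATA.txt" (assumption: search the user profile only)
$notes = Get-ChildItem -LiteralPath $env:USERPROFILE -Filter 'Decrypt DATA.txt' `
    -Recurse -File -ErrorAction SilentlyContinue
foreach ($n in $notes) {
    $findings += [pscustomobject]@{ Type = 'File'; Item = $n.FullName; Detail = '' }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed artifacts were found for this user.' }
```

Running it again after the removal steps should return no findings; any row that remains points to a step that still needs attention.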