Gremit Ransomware

Posted by Lisa Blanc on November 7, 2016

What is Gremit Ransomware?

Malware researchers at Anti-spyware-101.com have acquired a sample of a new ransomware known as Gremit Ransomware. It is still in development as it encrypts one particular location only. However, if your computer becomes infected with its full version, we recommend that you remove it because, judging from the ransom note, the developer does not care about your files and could even delete them or not give you the decryption key. Therefore, there is no guarantee that you will be able to get your files back. From more information about this ransomware, we invite you to read this entire description. test test test

How does Gremit Ransomware work?

Some ransomware-type infections lock the desktop while others encrypt the user’s files using some kind of encryption algorithm. In the case of Gremit Ransomware, it is the latter case. Since it is still in development, it is subject to many changes. However, in its current state, it encrypts files in one location. In the sample tested by our malware researchers, this ransomware was set to encrypt files in C:\Users\Tim\Desktop\encrypt. Due to the fact that the username is designated as Tim, this ransomware is unable to encrypt files if the username is different. Unless, of course, your username is indeed Tim, then Gremit Ransomware can encrypt all of the files stored in that location and append the files with the .rnsmwr file extension.

At the time of this article, the encryption method used by this ransomware is unknown, but it is more than likely that it was set to use the AES or RSA encryption algorithm. Both of these algorithms are difficult to decrypt unless this ransomware has a significant vulnerability that security experts could use to their advantage. Researchers say that Gremit Ransomware should generate private decryption key that is sent to the Command and Control (C&C) server and the only way to get it is to risk paying the ransom to the unreliable developer.

Once the encryption process is complete, this ransomware is designed to generate a window featuring a black background with green text that says that most of your files have been encrypted and that you need to pay 0.03 BTC (21 USD) to get them back. However, there is no guarantee that you will get your files back and that is why we suggest deleting this infection entirely. Furthermore, the developer might ask far more than 21 dollars when the full version is out as this is just a beta version after all.

Where does Gremit Ransomware come from?

Since this ransomware is still in development, it is not distributed yet. Nevertheless, we speculate that it will most likely be distributed using email spam because it is the most efficient way of dissemination. Email spam is sent to random email addresses and features malicious attachments that drop directly or download the executable file. The attached file may look like an ordinary Word file, PDF file or even an ordinary file archive. Also, Gremit Ransomware might be distributed on infected websites that contain embedded exploit kits that can secretly install this ransomware on your PC when you interact with Java or Flash-based content.

How do I remove Gremit Ransomware?

As you can see, Gremit Ransomware is one dangerous infection, and it is a good thing that it was discovered prior to its release because antimalware programs such as our featured application called SpyHunter can detect and remove it without difficulty. Researchers say that this ransomware can drop its executable anywhere on your PC. Therefore, we suggest using SpyHunter’s free scan feature, and delete the malicious files manually.