GTYS Ransomware Joins the Ever Growing STOP/Djvu Ransomware Family
The STOP/Djvu Ransomware group continues its steady rise with another addition to the family – GTYS Ransomware. Like its sister variants, GTYS Ransomware renders its victims’ files inaccessible, including photos, music, documents, and video data.
GTYS Ransomware spreads via several methods, including phishing campaigns, bundled software, and malicious websites. Once installed, the victim’s files are encrypted using the AES-256 encryption algorithm. The ransomware will further append the .GTYS extension to the encrypted files. This additional file extension is what gives the infection its name.
Affected users will also find a ransom note on their desktop that asks them to pay $980 to restore the files. According to the note, the ransom demand can be cut to $490 if users establish communication via ‘firstname.lastname@example.org’ or ‘email@example.com’ within 72 hours after infection.
If victims contact the GTYS Ransomware operators, they will offer to decrypt one file for free to prove they can unlock all affected files. Paying the ransom or even establishing contact with the hackers is not advisable, as there is no guarantee that you will ever receive a file decryptor and gain access to your files.
How Do I Deal with a GTYS Ransomware Attack?
We strongly suggest the GTYS Ransomware victims scan for and remove elements of this dangerous ransomware infection by using a reputable malware remediation tool. You can also protect yourself from future attacks by keeping copies of your critical files on either a cloud drive or an external hard drive.