GryphonRansomware: Brief analysis
Name | Gryphon Ransomware |
Class | Ransomware |
Targeting PC users | English-speaking PC users |
Discovery date | 31 July, 2017 |
Infiltration | Via spam mails, Bundling process |
Removal | Stated Manual Removal techniques in this post |
Elaborations about Gryphon Ransomware
Gryphon Ransomware is malware which has been explored during the research by Security experts on July 31st, 2017. They have concluded that this malware is being spread through Junk mails which may comprise the macro-enabled Microsoft Word document. Its tangential execution take places when Macros have not been precluded in Word processor. Further analysis declared that the con artist responsible behind its development has been found to entrap the English-speaking people first. This ransomware infects the updated version of Windows and run payload.exe on infected OS. Gryphon Ransomware is created to utilize the Custom AES-256 cipher for the files which is kept stored on the local disk and accessible USB Drives. Files which encompasses the sections such as photos, databases, presentations text, ebooks are encrypted most. Encrypted files carries the distinct extension that is [[email protected]].gryphon. After that you won't be able to load these infected files into the apps such as Windows photo or same kind of image viewers. Later users are provided with a ransom message as 'HELP.txt' on the desktop.
How Gryphon Ransomware infiltrates Onto PC?
Gryphon Ransomware infiltrates inside PC through the spam mails that introduces the vicious attachments in the form of Microsoft attachments. Users easily make click on it considering it as legitimate. The installation of programs from the unofficial websites also cause the infection of PC with such malware.
Difficulties created by Gryphon Ransomware
- Gryphon Ransomware upon getting penetrated inside PC encrypts the files and adds the [[email protected]].gryphon extension with them.
- Thereafter users become unable to load their files in any apps which may include image viewers.
- Later a ransom note is published to let PC users know entirely about encryption process and to move according to the instruction in ransom note,.
Backup files to save it from Gryphon Ransomware attack
security experts always suggest users to backup their files all the time as different kind of malware keep rotating in the Cyber world. Gryphon Ransomware is the another one among them. Rather than following the ransom note message, users should implement below sated manual removal tips to make their PC free From this malware.
Free Scan your Windows PC to detect Gryphon Ransomware
Remove Gryphon Ransomware From Your PC
Step 1: Remove Gryphon Ransomware in Safe Mode with Command Prompt
- First of all disconnect your PC with network connection.
- Click restart button and keep pressing F8 key regularly while system restart.
- You will see “Windows Advanced Options Menu” on your computer screen.
- Select “Safe Mode with Command Prompt” and press Enter key.
- You must login your computer with Administrator account for full privilege.
- Once the Command Prompt appears then type rstrui.exe and press Enter
- Now follow the prompts on your screen to complete system restore.
Step 2: Remove Gryphon Ransomware using MSConfig in Safe Mode:
- Power off your computer and restart again.
- While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.
- Use the arrow keys to select “Safe Mode” option and press Enter key.
- Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.
- Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:
C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1
- Disable all the malicious entries and save the changes.
- Now restart your computer normally.
Step 3 : Kill Malicious Process Related To Gryphon Ransomware
- Press Alt+Ctrl+Del buttons together.
- It will open the Task manager on your screen.
- Go to Process Tab and find Gryphon Ransomware related process.
- Click the End Process Now button to stop the running process.
Step 4 : Remove Gryphon Ransomware Virus From Registry Entry
- Press “Windows + R” key together to open Run Box.
- Type “regedit” and click OK button.
- Find and remove Gryphon Ransomware related entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Now hopefully you have completely removed the Gryphon Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.
Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the Gryphon Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.
If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.