Our specialists noticed a recently created threat called Gremit Ransomware. Fortunately, users may still avoid the malicious program, as it is not yet fully developed. Apparently, the current variant was made to encrypt files on a computer with a specific username, so if you have a different one, the infection cannot affect any data on your system. Nevertheless, once the malware goes through its last stages of development, it might turn out to be much more damaging than it is now. Further in the article, we present more information about the malicious application. You will also find our recommended removal steps at the end of this article, but since Gremit Ransomware might still be changed and we cannot know everything about it, you may want to use a trustworthy security tool.
As we mentioned in the beginning, the malware can encrypt data only if the path C:\Users\Tim\Desktop\encrypt exists on your system. The username Tim was probably the one on the computer that was used to create this infection. Clearly, even if your username is Tim, the malware will do nothing unless you also have a folder titled encrypt, which we think is highly unlikely. Whether the finished version will also encipher data only in particular folders or simply encrypt all of it on the computer is still too early to say. Gremit Ransomware’s developers may have chosen this particular directory to test the application without encrypting everything on their own computer.
The variant our researchers tested should not only encipher data but also append an additional extension, .rnsmwr, to each affected file. However, which encryption algorithm it could use is still unknown. From our experience, we can say that such threats often encrypt users’ data with the AES-256 or RSA-2048 cryptosystems. Both of them are quite strong, so even for specialists it would be difficult to create a decryptor. Whether the malicious program’s creators have a decryptor themselves, we cannot say, but they would try to convince you that they do, as the displayed ransom note says they can unlock files if you are willing to pay the price.
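A quick way to check a machine for the two indicators described above (the hard-coded folder and the .rnsmwr extension) is shown here as an added example; it is not code from the malware or from our removal instructions. The function names are hypothetical and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

# Indicators taken from the article text.
TARGET_DIR = PureWindowsPath(r"C:\Users\Tim\Desktop\encrypt")
RANSOM_EXT = ".rnsmwr"


def target_dir_present(target=TARGET_DIR):
    """True if the folder the tested variant looks for exists on this system."""
    return os.path.isdir(str(target))


def find_marked_files(root):
    """Return sorted paths under root whose final extension is .rnsmwr."""
    hits = []
    # onerror ignores unreadable directories so the sweep keeps going.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Compare case-insensitively: Windows file names are not case-sensitive.
            if Path(name).suffix.lower() == RANSOM_EXT:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def original_name(path):
    """File name as it was before the extra extension was appended."""
    return Path(path).name[: -len(RANSOM_EXT)]


def build_sample_tree():
    """Constructed sample data: a temporary tree with two marked files."""
    root = Path(tempfile.mkdtemp(prefix="gremit_demo_"))
    (root / "docs").mkdir()
    for rel in ("docs/report.docx.rnsmwr", "photo.JPG.RNSMWR",
                "notes.txt", "rnsmwr"):
        (root / rel).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    print("target folder present:", target_dir_present())
    root = build_sample_tree()  # replace with a real path such as a user profile
    for hit in find_marked_files(root):
        print(hit, "->", original_name(hit))
```

Finding the folder alone does not mean the system is affected; files carrying the .rnsmwr extension are the sign that a working variant has run.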
Furthermore, the ransom note appears in the form of a black window with green text. It says the user has to pay 0.03 Bitcoins (around 21 US dollars). It might seem like a small price, especially if you have no copies of the encrypted data and the files are irreplaceable, but you should not put your hopes in the infection’s creators. As the note confirms, all they care about is money, so they might not bother to send you the decryptor. Thus, if you ever receive Gremit Ransomware or a similar threat, do not forget that no matter how acceptable the price might seem, there is a possibility you will lose the money in addition to your precious data on the computer.
The current Gremit Ransomware variant does not encrypt anything or add any malicious data on the system. Therefore, users should simply get rid of the infected file they launched before the malware appeared, and that should be enough to eliminate the threat. On the other hand, if the version you receive is different and it does encrypt data on the system, we would advise you to remove it with a reliable security tool instead of deleting it with the instructions placed below. Once the malicious program is finished, it could work differently on the system, so it would be wiser not to take any chances and to use antimalware software.