StrutterGear Ransomware looks a lot like Jigsaw Ransomware. Since Jigsaw Ransomware is a Ransomware as a Service (RaaS) type of malware, StrutterGear Ransomware could have been created by hackers who purchased it. The malicious program might be extremely harmful because it may be able not only to encipher particular data with a secure cryptosystem but also to delete part of it at specific time intervals. Unfortunately, without the decryption key, there is nothing the victim can do to decipher the affected data. Not even removing the malware would save enciphered files, although it would stop the infection from erasing them. If you wish to learn more about it, we urge you to read the whole article. Users who need deletion instructions for this threat can find them at the end of the text.
First of all, our specialists doubt the malicious program is being distributed yet, since its behavior shows that the infection is still unfinished. Of course, there is a possibility that StrutterGear Ransomware’s creators could distribute it among a few victims just to test how it works. It could be spread by sending victims suspicious spam emails containing the threat’s installer. This is probably one of the most popular ways to distribute ransomware. Some hackers disguise malicious files by making them look like text documents, invoices, pictures, and so on. Therefore, to avoid such harmful applications in the future, our specialists advise keeping a reliable security tool that you can use to scan data that might raise suspicion, for example, files coming from unknown senders, executable files, software updates or installers, etc.
The sample our researchers tested created a copy of itself named StrutterGear.exe in the %APPDATA% directory. The malware then added a folder called FileSystemSimulation on the Desktop. In this folder, it placed a couple of files that were enciphered and marked with a second extension, .tax. However, after only approximately two minutes, the malicious application erased these files. Apparently, the cyber criminals behind StrutterGear Ransomware made the threat remove one file every 60 seconds. This happened only to the files in the folder created by the ransomware, while the data created by the computer’s user remained unaffected. Of course, if the application gets upgraded, it would encipher and delete the user’s private data instead of the test files it currently affects.
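The artifacts described above can be checked for with a short script. This is an added example, not code from the original article: the file, folder and extension names come from the text, while the function names and the choice to scan the whole Desktop tree for second-extension .tax files are assumptions.

```python
import os
from pathlib import Path

# Names taken from the article; everything else here is an assumption.
SELF_COPY = "StrutterGear.exe"        # copy dropped in %APPDATA%
TEST_FOLDER = "FileSystemSimulation"  # folder created on the Desktop
MARK_EXT = ".tax"                     # second extension added to files


def _child(directory: Path, name: str, want_dir: bool):
    """Case-insensitive lookup of one entry (Windows names ignore case)."""
    if not directory.is_dir():
        return None
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower() and entry.is_dir() == want_dir:
            return entry
    return None


def find_indicators(appdata: Path, desktop: Path) -> dict:
    """Return the StrutterGear artifacts found under the two directories."""
    found = {
        "self_copy": _child(appdata, SELF_COPY, want_dir=False),
        "test_folder": _child(desktop, TEST_FOLDER, want_dir=True),
        "tax_files": [],
    }
    if desktop.is_dir():
        for path in sorted(desktop.rglob("*")):
            # Flag only a *second* extension (notes.txt.tax); a plain
            # "return.tax" may be a legitimate file and is left alone.
            if (path.is_file() and len(path.suffixes) >= 2
                    and path.suffixes[-1].lower() == MARK_EXT):
                found["tax_files"].append(path)
    return found


if __name__ == "__main__":
    default_appdata = str(Path.home() / "AppData" / "Roaming")
    appdata = Path(os.environ.get("APPDATA", default_appdata))
    desktop = Path.home() / "Desktop"
    for key, value in find_indicators(appdata, desktop).items():
        print(f"{key}: {value if value else 'not found'}")
```

The script only reports what it finds; it does not delete anything.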
Lastly, StrutterGear Ransomware is supposed to open a pop-up window with instructions on how to get your files decrypted. The behavior it describes differs from the malware’s actual behavior, so it most likely reflects how the cyber criminals want the application to work and how it could act once it is no longer in the development stage. The requested payment is 500 US dollars, to be paid in Bitcoins. The Bitcoin wallet to which the ransom should be transferred is provided in a text document called Address.txt; it might be placed after the encryption process.
If you come across a test version of this infection, you do not even have to consider whether paying the ransom is worth it, as you do not need decryption. Thus, you should pay no attention to the pop-up and erase StrutterGear Ransomware at once. Our recommended removal steps can guide you through the process, but if it looks too complicated or you believe you may have encountered the upgraded version of the malware, it might be a good idea to leave this task to a trustworthy security tool. The antimalware software could locate malicious data automatically, and to get rid of it you would only need to click the provided deletion button. Plus, by getting such a tool you would strengthen the system, so the next time you come across a similar threat, you might be able to avoid it.