Security experts have discovered a new ransomware variant called GILLETTE ransomware. It appends the .GILLETTE file extension to encrypted file names. This blog post covers what you need to know about the virus, how to remove it from your machine and how to restore .GILLETTE files for free.
The .GILLETTE ransomware is a crypto virus. It affects all current versions of the MS Windows OS, such as Windows 10, Windows 8, Windows 7, Windows Vista and Windows XP. This ransomware uses a strong encryption mode to eliminate the possibility of brute-forcing a key that would decrypt the encrypted documents, photos and music. The GILLETTE ransomware virus encrypts almost all files, including common types such as:
.p7b, .x3f, .ods, .rgss3a, .xpm, .wsc, .bkf, .psk, .wpl, .y, .wmo, .xlsm, .ff, .wpd, .t12, .wmd, .bsa, .wot, .pst, .wgz, .ncf, .z, .wp7, .xy3, .bc6, .rim, .wps, .docm, .xxx, .wpt, .t13, .arw, .webp, .xyp, .bik, .xar, .xlk, .pptx, .dmp, .xmind, .odt, .layout, .xll, .vcf, .raf, .mpqge, .ztmp, .ybk, .wbc, .zdb, .xdl, .odm, .erf, .wp5, .wp6, .big, .svg, .qic, .vpk, .lbf, .sb, .ltx, .jpg, .yal, .wp, .blob, .wire, .xls, .icxs, .hvpl, .wma, .pak, .ppt, .wmv, .cdr, .p12, .indd, .bc7, .rtf, .jpeg, .wbk, .pptm, .sum, .dwg, .menu, .x3d, .wbz, .3ds, .kdb, .0, .qdf, .zi, .wav, .fpk, .css, .mdb, .xlgc, .epk, .apk, .csv, .wmf, .accdb, .z3d, .wbd, .wpw, .cer, .rwl, .rw2, .gho, .m2, .wotreplay, .syncdb, .cas, .xlsb, .dbf, .3fr, .mef, .srw, .p7c, .vpp_pc, .wp4, .pem, .2bp, .vfs0, .fos, .dba, .bay, .lvl, .sidd, .ibank, .desc, .odp, .wcf, .dxg, .pfx, .xld, .png, .itm, .xlsx, .sid, .wmv, .ptx, .wbm, .raw, .zabw, .xf, .db0, .wps, .crw, .m4a, .odb, .zif, .mdf, .sav, .zip, .fsh, .itdb, .wn, .orf, .m3u, .wsh, .xdb, .xmmap, .pdd, .sie, .zip, .sql, .xml, .mcmeta, .xls, .kf, .1st, .doc, .mrwref, .bar, .rofl, .x3f, .cr2, .r3d, .slm, .snx, .hplg, .pkpass, .dng, .litemod, .iwd, .docx, .wpd, .wdp, .bkp, .wsd, .srf, .mlx, .dazip, .wpa, .avi, .gdb, .7z, .sr2, .tor, .wpe, .mdbackup, .pdf, .wma, .vtf, .hkdb, .ai, .psd, .upk, .jpe, .lrf, .rar, .cfr, .sis, .dcr, .eps, .asset, .flv, .wm, .xlsx, .mddata, .3dm, .forge, .js, .nrw, .zw, wallet, .xlsm, .yml, .mp4, .rb, .txt, .map, .tax, .iwi, .der, .xbdoc, .zdc, .wdb, .wbmp, .w3x, .ntl, .wb2, .py, .wpg, .pef, .sidn, .mov, .1, .odc, .kdc, .xyw, .re4, .ws, .ysp, .xbplate, .xwp, .x, .wri, .wpb, .das, .d3dbsp, .esm, .vdf
Once the encryption procedure is done, it creates a ransom note named “Decrypt DATA.txt” offering to decrypt all of the user's documents, photos and music if a payment is made. An example of the ransom note is:
All your important files are encrypted There is only one way to get your files back: contact with us, pay, and get decryptor software. We accept Bitcoin You have Your personal identifier, write it in letter when contact with us. Also you can decrypt 1 file for test, its guarantee what we can decrypt your files. Attention! Do not rename encrypted files. Do not try to decrypt using third party software, it may cause permanent data loss. For decrypt your data write to email Contact information: gagima@gmail.com and tell us your unique ID
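As an added example (not part of the original post or of any vendor tool), this read-only Python script inventories the two artifacts described above: files carrying the .GILLETTE extension and copies of the “Decrypt DATA.txt” note. The function names, the constructed sample tree and the use of the earliest modification time as an estimate of when encryption began are assumptions made here.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".gillette"    # extension from this post, matched case-insensitively
RANSOM_NOTE = "decrypt data.txt"  # ransom note name from this post, lower-cased

def triage(root):
    """Inventory encrypted files and ransom notes under root; nothing is modified.
    first_seen (earliest modification time, UTC) is only an estimate of the start."""
    encrypted, notes, mtimes = [], [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # The suffix is appended, so stripping it gives the original file name,
                # which is what you look for in backups or shadow copies.
                encrypted.append((path, name[:-len(ENCRYPTED_SUFFIX)]))
                try:
                    mtimes.append(os.path.getmtime(path))
                except OSError:
                    pass  # unreadable entry: still listed, just not timed
    earliest = min(mtimes, default=None)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "per_dir": Counter(os.path.dirname(p) for p, _ in encrypted),
        "first_seen": datetime.fromtimestamp(earliest, timezone.utc) if earliest is not None else None,
    }

def build_sample_tree(base):
    """Constructed sample data: empty files that only mimic the naming described above."""
    layout = {
        "Documents": ["report.docx.GILLETTE", "budget.xlsx.gillette", "Decrypt DATA.txt"],
        "Pictures": ["holiday.jpg.GILLETTE", "untouched.png"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in triage(build_sample_tree(tmp)).items():
            print(key, "->", value)
```

To use it on a real machine, call `triage()` with a folder such as your user profile; the per-directory counts show where the damage is concentrated before you start cleanup.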
Use the step-by-step instructions below to remove .GILLETTE ransomware and try to recover encrypted photos, documents and music for free.
Table of contents
- How to remove .GILLETTE ransomware virus
- How to decrypt .GILLETTE files
- How to restore .GILLETTE files
- How to protect your computer from .GILLETTE ransomware virus?
- Finish words
How to remove .GILLETTE ransomware virus
The .GILLETTE ransomware virus can hide its components, which makes them difficult to find and delete completely. As a result, after some time the virus may infect your system again and encrypt your documents, photos and music. Moreover, it’s not always safe to delete a ransomware virus manually if you don’t have much experience in setting up and configuring the Windows operating system. The best way to detect and remove the GILLETTE ransomware virus is to run the free malware removal tools listed below.
Remove .GILLETTE ransomware with Zemana Anti-malware
You can delete .GILLETTE ransomware automatically with the help of Zemana Anti-malware. We advise this malware removal tool because it can easily remove ransomware, PUPs, adware and toolbars with all their components such as folders, files and registry entries.
Installing Zemana AntiMalware is simple. First you’ll need to download Zemana to your personal computer by clicking on the link below.
Once the download is finished, close all software and windows on your computer. Open the directory in which you saved it. Double-click the icon named Zemana.AntiMalware.Setup as on the image below.
When the install starts, you will see the “Setup wizard” which will help you set up Zemana Anti-Malware on your PC.
Once setup is complete, you will see a window as shown in the following example.
Now click the “Scan” button to begin scanning your computer for the .GILLETTE ransomware virus and other malicious software and potentially unwanted programs. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your PC. While the utility is scanning, you can see the number of objects and files it has already scanned.
After Zemana Anti Malware completes the scan, you can check all threats found on your PC. When you are ready, click the “Next” button.
Zemana will remove the .GILLETTE ransomware virus and other malicious software and PUPs.
How to automatically remove .GILLETTE ransomware with MalwareBytes Free
We advise using MalwareBytes Free. You can download and install MalwareBytes Anti-Malware (MBAM) to find and get rid of the .GILLETTE ransomware virus on your PC. When installed and updated, this free malware remover automatically searches for and deletes all threats present on the machine.
Click the link below to download MalwareBytes Free. Save it to your Desktop so that you can access the file easily.
Once downloading is done, close all windows on your PC. Then open the file named mb3-setup. If the “User Account Control” dialog box pops up as shown in the figure below, click the “Yes” button.
It will show the “Setup wizard” that will help you install MalwareBytes on the machine. Follow the prompts and don’t make any changes to default settings.
Once setup completes successfully, press the Finish button. MalwareBytes Anti-Malware will then start automatically and you will see its main window as displayed on the image below.
Next, press the “Scan Now” button to check your personal computer for the .GILLETTE ransomware virus and other security threats. This process can take quite a while, so please be patient. When malicious software, adware or PUPs are detected, the number of security threats will change accordingly.
Once that process is complete, a list of all detected threats is produced. You can delete items (move them to Quarantine) by simply clicking the “Quarantine Selected” button.
MalwareBytes will remove the files, folders and registry keys related to the .GILLETTE ransomware virus. After that process is finished, you may be prompted to reboot your system. We recommend you look at the following video, which completely explains the procedure of using MalwareBytes AntiMalware to remove browser hijackers, adware and other malicious software.
Scan your computer and remove GILLETTE ransomware virus with KVRT
If MalwareBytes antimalware or Zemana antimalware cannot remove GILLETTE ransomware, then we recommend running KVRT. KVRT is a free removal tool for ransomware, trojans, worms, potentially unwanted programs and other malicious software.
Download the Kaspersky virus removal tool (KVRT) to your machine from the following link.
When downloading is complete, double-click the Kaspersky virus removal tool icon. Once the initialization process is finished, you will see the KVRT screen as displayed on the image below.
Click Change Parameters and tick the check box next to each of your drives. Click OK to close the Parameters window. Next, click the Start scan button to check your PC for the GILLETTE ransomware virus and other trojans and malicious applications. Depending on your PC, the scan may take anywhere from a few minutes to close to an hour. While the KVRT application is scanning, you can see the number of objects it has identified as threats.
When the scan ends, you will be shown the list of all detected items on your machine like below.
When you’re ready, click on Continue to begin a cleaning process.
How to decrypt .GILLETTE files
The .GILLETTE ransomware demands a payment in Bitcoins in exchange for a key to decrypt personal files. It is important to know that it is currently not possible to decrypt .GILLETTE files without the private key and the decryption application.
We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. In addition, you must understand that by paying money to the cyber criminals, you are encouraging them to create a new virus.
The free malware removal utilities listed in this post can be used to detect and remove the GILLETTE ransomware virus and prevent any further damage. After that you can restore encrypted files from their Shadow Copies or by using a file restore utility.
How to restore .GILLETTE files
In some cases, you can restore files encrypted by the .GILLETTE ransomware virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted personal files.
Restore .GILLETTE encrypted files using Shadow Explorer
In some cases, you have a chance to restore your files which were encrypted by the .GILLETTE ransomware virus. This is possible thanks to a tool named ShadowExplorer. It is a free application made to obtain ‘shadow copies’ of files.
ShadowExplorer can be downloaded from the following link. Save it on your Windows desktop.
Once downloading is finished, open the directory in which you saved it. Right-click ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as shown on the screen below.
Double-click ShadowExplorerPortable to start it. You will see a window as displayed in the figure below.
In the top left corner, choose the drive where the encrypted documents, photos and music are stored and the latest restore point, as displayed in the figure below (1 – drive, 2 – restore point).
In the right panel, look for a file that you want to restore, right-click it and select Export as shown on the screen below.
Recover .GILLETTE files with PhotoRec
Before a file is encrypted, the .GILLETTE ransomware virus makes a copy of the file, encrypts the copy, and then deletes the original file. This can allow you to recover your photos, documents and music using file restore software like PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop from the link below.
Once the download is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as shown below.
Double click on qphotorec_win to run PhotoRec for Windows. It will display a screen like below.
Select a drive to recover as displayed in the figure below.
You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music as on the image below.
Click the File Formats button and specify the file types to restore. You can enable or disable the recovery of certain file types. When this is finished, press the OK button.
Next, click the Browse button to select where restored documents, photos and music should be written, then press Search.
The count of restored files is updated in real time. All restored files are written to the folder that you selected in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is finished, click the Quit button. Next, open the directory where the restored files are stored. You will see its contents as shown on the screen below.
All restored personal files are written to the recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, you can sort your restored files by extension and/or date/time.
How to protect your computer from .GILLETTE ransomware virus?
Most antivirus programs already have a built-in protection system against ransomware. Therefore, if your computer does not have an antivirus program, make sure you install one. As extra protection, run HitmanPro.Alert.
Use HitmanPro.Alert to protect your PC from .GILLETTE ransomware
HitmanPro.Alert is a small security tool. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Please go to the following link to download the latest version of HitmanPro.Alert for Microsoft Windows. Save it to your Desktop so that you can access the file easily.
After the download is done, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. Once the utility is started, you will be shown a window where you can select a level of protection, as displayed in the figure below.
Now click the Install button to activate the protection.
Finish words
Now your machine should be clean of the .GILLETTE ransomware virus. Uninstall KVRT and MalwareBytes Anti Malware. We suggest that you keep Zemana (to periodically scan your machine for new malicious software). You are probably running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.
If you are still having problems while trying to delete .GILLETTE ransomware from your machine, then ask for help here.