[Oct, 3, 2019] - Version: 184.108.40.206
The GalactiCrypter ransomware encrypts its victims files with AES-256 and prepends the filename with "ENCx45cR"; for example, "ENCx45cRChrysanthemum.jpg".
The ransom screen contains the following text:
READ: IT IS VERY IMPORTANT THAT YOU DO NOT RENAME ANY FILES THAT WERE ENCRYPTED! THIS WILL LEAD TO THAT FILE BEING RE-ENCRYPTED AND THEN WILL BE LOST FOREVER! Your important files on this computer were encrypted using a public RSA-2048 key, generated for this computer (photos, videos, documents, ect... Click the View Secured Files button to view all of your encrypted files). Getting rid of this tool will NOT help. You will need this tool to DECRYPT and get access to your files again. Your private decryption key has been created and stored on a secure and anonymous server. This key will allow you to decrypt all your files. This key is somewhere in the internet, and if payment is not made in the required time, it will be erased off the server permanently, and ALL your files will be permanently lost. To obtain your private key for this computer, you will need to pay 150.00 USD / 150.00 EUR BitCoin. This is equal to 0.2 Bitcoin that must be paid to decrypt and regain access to all your files. ANY attempts to remove, tamper or damage this software WILL lead to immediate termination of the private key and ALL your files will be permanently LOST. Your time remaining is indicated on the left. If you are ready to make the payment, please click the button below.