StrutterGear Ransomware Removal Guide

Do you know what StrutterGear Ransomware is?

StrutterGear Ransomware is a malicious application designed for money extortion, but it is still in the development stage, so it should not be in distribution yet. Nonetheless, we invite you to read our report about this malware and learn what it might do if it gets released. In the article we explain how the infection could damage a user’s data, how it could be identified, the ways it might enter the system, and so on. Below the main article there is a removal guide. Keep in mind that it shows how to get rid of StrutterGear Ransomware’s undeveloped version. In other words, if the malicious application gets finished, it is entirely possible that it will create more data than the files listed in the removal guide. Accordingly, we advise using a reputable antimalware tool in that case to ensure the threat is fully eliminated.

As mentioned in the first paragraph, StrutterGear Ransomware is probably not yet distributed. However, if the malware’s creators finish developing it, they may change its name and use various channels to spread it. For example, the infection could travel with suspicious email attachments sent with spam, malicious software installers distributed through unreliable file-sharing web pages, or fake updates offered in questionable pop-up notifications. No matter how the malicious application’s launcher is received, it may infect the system the minute it is opened, and if there is no trustworthy antimalware tool on the system that could stop this process, the threat might do a lot of damage.

Even though the malware is still not fully developed, our researchers can tell what it might be capable of. At the moment StrutterGear Ransomware is programmed to encrypt only two files, called NotTxtTest.nottxt and TxtTest.txt. The infection creates these files itself, in a directory that it also sets up. Our researchers who tested the ransomware in our internal lab say that this folder is supposed to be called FileSystemSimulation and that it should appear on the user’s Desktop. It was also discovered that the encrypted data is erased after some time; to be more precise, one file should be removed every sixty seconds, so after two minutes the directory becomes empty. Before the mentioned files were deleted, we noticed that the threat appended an additional extension, .tax, to them, e.g. TxtTest.txt.tax. This extension could either remain the same or be replaced when the software gets released.

If StrutterGear Ransomware’s creators finish developing it, we believe the malicious application’s target could be any personal file, e.g. photographs, videos, archives, and so on. The only data left alone could be that belonging to the operating system or other software installed on the infected computer. Also, the threat’s creators would most likely give the user more time to pay the ransom, so the first files should be erased not after sixty seconds but possibly after three hours, and then the deletion would continue every sixty minutes, as explained in the ransom note. This message is supposed to be displayed in the malware’s window. According to it, you can decrypt your data, but first you have to pay a ransom of $500 worth of Bitcoins.

Even if the infection destroys your most precious files, we do not recommend paying the ransom, since there are no guarantees the threat’s creators will keep their promise. If there are any copies on removable media devices or other storage, we advise users, for safety, to use them only after the malware is deleted. The removal guide placed below shows how to eliminate StrutterGear Ransomware, but we cannot be one hundred percent sure it will help all those who encounter this malicious application, especially if it gets updated, so if you do not wish to take any chances you may want to use a reputable antimalware tool instead.

Erase StrutterGear Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Launch Task Manager and go to Processes.
  3. Kill the malware’s malicious process by pressing the End Task button.
  4. Exit Task Manager.
  5. Tap Windows key+E.
  6. Go to %APPDATA%
  7. Locate the infection’s launcher, e.g. StrutterGear.exe, right-click it and select Delete.
  8. Navigate to Desktop.
  9. Find the threat’s created folder titled FileSystemSimulation, right-click it and pick Delete.
  10. Then find a file called Address.txt on your Desktop as well and erase it too.
  11. Close File Explorer.
  12. Empty Recycle bin.
  13. Reboot the system.
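
The manual steps above can also be run as a scripted check. The following PowerShell script is an added example, not part of the original guide or of any vendor tool; it looks only for the artifacts this guide names and reports them without changing anything unless asked. The `-Remove` switch, the `$LauncherName` parameter and the recursive search under %APPDATA% are assumptions of this example, and the launcher name is the guide's "e.g." value, so a released build may use a different one.

```powershell
# Added example: audit the current user profile for the StrutterGear test-build
# artifacts listed in this guide. Report-only by default; -Remove deletes them.
[CmdletBinding()]
param(
    [switch]$Remove,                            # assumption: opt-in cleanup switch
    [string]$LauncherName = 'StrutterGear.exe'  # the guide's "e.g." name; may differ
)

$desktop  = [Environment]::GetFolderPath('Desktop')
$findings = @()

# Steps 1-4: a running process whose name matches the launcher.
$procName = [IO.Path]::GetFileNameWithoutExtension($LauncherName)
foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Kind = 'Process'; Item = "$($p.Name) (PID $($p.Id))"; Ref = $p.Id }
}

# Steps 5-7: the launcher file under %APPDATA% (subfolders included).
foreach ($f in @(Get-ChildItem -LiteralPath $env:APPDATA -Filter $LauncherName -File -Recurse -Force -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Kind = 'Launcher'; Item = $f.FullName; Ref = $f.FullName }
}

# Steps 8-9: the FileSystemSimulation folder on the Desktop, with a count of
# any files still carrying the .tax extension.
$simDir = Join-Path $desktop 'FileSystemSimulation'
if (Test-Path -LiteralPath $simDir -PathType Container) {
    $tax = @(Get-ChildItem -LiteralPath $simDir -Filter '*.tax' -File -Force -ErrorAction SilentlyContinue)
    $findings += [pscustomobject]@{ Kind = 'Folder'; Item = "$simDir ($($tax.Count) .tax file(s))"; Ref = $simDir }
}

# Step 10: Address.txt on the Desktop. The name is generic, so review the
# report before using -Remove.
$note = Join-Path $desktop 'Address.txt'
if (Test-Path -LiteralPath $note -PathType Leaf) {
    $findings += [pscustomobject]@{ Kind = 'File'; Item = $note; Ref = $note }
}

if ($findings.Count -eq 0) { Write-Output 'No StrutterGear test-build artifacts found.'; return }
$findings | Format-Table Kind, Item -AutoSize

if ($Remove) {
    # The process is listed first, so it is stopped before its files are deleted.
    foreach ($x in $findings) {
        if ($x.Kind -eq 'Process') { Stop-Process -Id $x.Ref -Force }
        else { Remove-Item -LiteralPath $x.Ref -Recurse -Force }
    }
}
```

`Remove-Item` deletes permanently rather than moving items to the Recycle Bin, so step 12 is not needed after a scripted removal; the reboot in step 13 still applies.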

In non-techie terms:

StrutterGear Ransomware is still a test version, so it should not do any damage to the user’s data unless it gets updated. Nonetheless, the malware shows a ransom note in which the software’s creators address their victims in an insulting manner and demand that they pay a ransom. In this case, we advise you to simply ignore this message, as there is no reason to consider paying the ransom. In fact, we would recommend deleting the malware instead even if it actually encrypted your data, as these hackers could scam you. If you are determined to get rid of the malicious application manually, we can offer the removal guide located above, but keep in mind that we cannot promise it will help you if the infection gets updated. Under such circumstances, we recommend employing a reputable antimalware tool.