Home News A Romantic Message May Lead to a Ransomware in Your System
A Romantic Message May Lead to a Ransomware in Your System A Romantic Message May Lead to a Ransomware in Your System
News | 02/15/2019

A Romantic Message May Lead to a Ransomware in Your System

When was the last time you checked your PC health? Do you know your PC requires a regular Check Up!!!

The Romantic Ransomware Message Is A Surprise Threat

If you get any romantic message this Valentine's, think twice before opening it because cybercriminals are exploiting Valentine's Day by distributing a prolific form of ransomware.

GandCrab which first emerged last year as a potential threat has gone further to become a successful family of file-encrypting malware, with new updates, tricks and techniques.

Now via phishing emails covered with romantic messages and romantic quotes, subject lines, this ransomware is being sent and injected to computers.

Cyber attackers behind this romantic GandCrab ransomware is mainly targetting business & employer email accounts. Additionally, attackers get the benefit to get into encrypting the corporate networks.

Subject lines used in the campaigning of GandCrab ransomware are like these, “This is my love letter to you,” “My letter just for you,” “Wrote my thoughts down about you,” and “Felt in love with you.”

The body of the email contains a * symbol also a zip file containing JavaScript files. The file name remains the same in every malicious email as 'Love_You_2018_' followed by random digits.

Whenever a user chooses to extract JavaScript files from Zip folder, it downloads and executes GandCrab ransomware from a malicious URL which is embedded in the script. The GandCrab ransom note display in three different languages - English, Korean and Chinese.

In the ransom note attackers explain users (or victims) that their computer access is blocked and files are encrypted. In order to free your computer, you need to pay ransom in Bitcoins if you are willing to get your locked files back in order to get them back.

Researchers found that the ransom payments vary according to the victim which is a clear indication of planned attacks. According to reports cybersecurity experts also noticed that might be the Valentine's Day campaign is not the work of the GandCrab authors, but few cyber criminal customers are using it as part of RaaS campaign.

GandCrab is one of the most potent ransomware like Dharma, Crysis, Wannacry threats and would continue its plague on the organizations if strict action is not taken.

However, organizations by using a robust cybersecurity tool can avoid falling victim to this potential threat. Consequently by training users against strange or unexpected email messages is also a better option to increase the security of the program.

In case if you had fallen victim to this ransomware, then the below methods might help you in getting your access back to the computer. Also, in the end, you will get two cybersecurity tools that would help you to prevent the entry of GandCrab ransomware. 

malware crusher

Temporarily Disable GandCrab Ransomware in safe mode using Command Prompt

If you can’t access your computer, then it might become impossible to remove GandCrab ransomware. However, system reboot in Safe Mode could give you entry into your computer followed by creating a system restore point.

Once you are into your computer, perform a full system scan using the antimalware tool which we have suggested at the end of this article.

Steps to be followed to enter the safe mode Win XP/Vista/7

  • Click start, then shut down, then restart.
  • While the computer is booting up at the very first screen start tapping F8 until you see the advanced boot options.


  • In the advanced boot option’s, you need to select safe mode with Command prompt from the list of given options.

Steps to be followed to enter safe mode in Win 8/10

  • On the windows login screen, you need to press the power option.
  • Now, press and hold the shift key on the keyboard, and then click Restart.
  • Now, among the list of options you need to select Troubleshoot, and then advanced options, then startup settings and finally press restart.


  • Once your computer restarts and gives you the list of startup options you need to select Enable Safe Mode with Command prompt.

Also, Read: How to Remove AdClick Virus from Your Computer Easily?

Restore System

  • Once you see the command prompt windows, type in cd restore and hit enter on the keyboard.
  • Now, type rstrui.exe and hit Enter again.
  • Then you would see new windows, click on next over there and select a restore point that is before the date of infection.


  • Then, click next and followed by yes.

At present, your computer is in a state that has its file and data backed up at a safe restore point. We also suggest you make a copy of your backed up data into some external hard drive.

It is now time, to reinstall your Windows via an external source such as USB drives, CD or DVD and portable HDD devices.

While installing Windows, allocate disk space to C, D and E drive. If asked to restore any files, select the restore point and get the backed up data into the new operating system.

Your system format is complete, also your data is backed up. Now you must create a strong firewall against such malicious threats to prevent future attacks.

Cyber attackers are very advanced and had learned to gain illegal access to the computer. More than that, they make their malware more adaptable, resilient and damaging. It is impossible to stop cyberwarfare and cyberterrorism by common antivirus software.

Thus, the best preventive step is to upgrade our cyber defense systems at home and office computers with those cybersecurity tools that could delete GandCrab ransomware with their real-time protection feature, quarantine feature, web protection and anti-exploit technology.

Note: If your computer doesn’t have such security software, then download ITL Total Security and Malware Crusher to prevent malware attacks on your system. Both are reputable, vigilant and robust in creating a shield 24X7 against any cyberthreat.

These tools are highly recommended if you are willing to give advanced security to your PC. Their 5-minute function could be a savior for your computer!

malware crusher

Tips to Prevent virus and malware from Infecting Your System:
  1. Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
    So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for ChromeMozilla, and IE
  2. Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
  3. Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
  4. Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
  5. Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool


× Zoom Image