GHOST ARMY is a ransomware that was first discovered by Jiri Kropac. It claims to be a legitimate VPN known as Hide My Ass (sorry for the language – we only quote the developers) and it uses Crypt888 as its foundation. The main purpose of this threat lies in compromising your data and that’s exactly what starts happening as soon as it manages to breach your system. The “.Lock” extension gets appended to all of your files and it becomes impossible to use them from that moment on. It’s currently unknown whether this virus employs symmetric or asymmetric algorithm to achieve its goals (of if it uses both), but ESET has been successful in creating the decryption tool for it. It can be downloaded if you follow the link https://download.eset.com/com/eset/tools/decryptors/crypt888/latest/esetcrypt888decryptor.exe, so there’s no need to sponsor cybercriminals behind GHOST ARMY with your hard-earned money.
Apart from the aforementioned extension, it has another distinctive characteristic – its ransom note which replaces your Wallpaper. The message you’re given goes as follows –
‘YOU HAVE BEEN HACKED =)
ALL YOUR FILES HAS BEEN ENCRYPTED. FOR REPAIR CONTACT US:
IF YOU ARE NOT SURE, TURN OFF THE COMPUTER
Before you can employ the decryption tool, you need to remove GHOST ARMY from the system. It can be done with a program like Spyhunter and the manual on how to use it is posted below the article. Once you’re through with that, it becomes possible to return the situation back to normal. And when this is done, keep ransomware away from the PC by adhering to certain guidelines that reduce potential risks while you surf the Internet.
Steer clear of dubious pages, don’t agree to update your software if the prompt to do that seems suspicious, don’t open the attachments that come with spam emails, refrain from clicking on links and advertisements that can be found on file-sharing services or adult pages, and keep Spyhunter updated and running all the time. This is basically everything you need to do to protect the computer from being compromised by viruses like GHOST ARMY.