Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Dec 2020

How to remove Genesis ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

Genesis ransomware – a cryptovirus that steals some data before encrypting it

Genesis ransomware

Genesis ransomware is a computer virus that steals some files that include sensitive information before encrypting them and demanding to pay a ransom. Otherwise, the stolen info will be published. Corporate networks targeting ransomware infections have been on the rise, as new variants, such as  BBGT, SNTG, of established families are released on a regular basis.

As soon as Genesis virus gains entry to a targeted network, it scans for the most frequently used files and downloads some of them to a secret hacker server. Those files are used for blackmailing, in other words, to convince the victims to contact the assailants via given emails – genesishelp@mail.ee and enesishelp@cock.li, and start negotiating the ransom details.

After the data theft, the virus encrypts all non-system files (pics, documents, archives, backups, etc.) on the device and renames them by appending a .genesis extension. Then a custom ransom note, named !HELP!.txt, is generated and dropped into folders with locked files.

name Genesis ransomware, .genesis virus
type Ransomware
Ransom note !HELP!.txt
Appended file extension All personal victim files are appended with .genesis extension
Additional info Cybercriminals claim that they downloaded some data before encrypting it, are ready to make it available to the public if the ransom isn't paid
criminal contact details genesishelp@mail.ee and enesishelp@cock.li
Malware elimination Each of the infected computers should be disconnected from the network and a full scan performed with anti-malware software
system health Use a system repair tool, like the FortectIntego app, to undo all modifications the cryptovirus might have done

The ransom note message of Genesis ransomware begins with an explanation that data on the device was stolen and encrypted. If the victims would like to avoid any problems, they should immediately read the instructions and contact the assailants.

Then the cybercriminals threaten their victims not to edit, rename, copy, move or try any third-party decryption tools on the encrypted files as that may prevent them from being decrypted in the future. They claim that the only way to regain access to the locked data is by purchasing their decryption tool.

To show good faith, Genesis virus creators offer a free decryption of two (either text or image) encrypted files to prove that such a tool exists. Moreover, as a bonus, the hackers are proposing to talk about improving victims' network security if the demands are met.

At the end of the ransom note, the assailants are threatening to publish all stolen data if the ransom isn't paid. Then they provide two emails to establish contact with them and appoint the chosen victim with its unique user ID, which should be sent when starting negotiations.

Genesis ransomware virus

As always, we advise against meeting the criminals' demands because that only motivates them to increase the number of their attacks, finances research for more effective infection methods, and for more sophisticated ransomware. The only correct thing to do is to remove Genesis ransomware.

The best way to do it is with a trustworthy anti-malware application such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. A reliable anti-virus is a must these days because malware is lurking everywhere. If kept updated, either of these time-tested apps could protect your system from future cyberattacks.

When you're finished with Genesis ransomware removal, the next step is to take care of the system's overall health. Due to the fact that most cryptoviruses make changes to the system registry and other key system settings, we advise using a system tune-up tool like the FortectIntego to revert these modifications.

Message from the !HELP!.txt ransom note reads:

Hello.
If you are reading this, it means your data is encrypted and your private sensivitive information was stolen!
Read carefully the whole instructions to avoid problems with your data.
You have to contact us immediately to resolve this issue and make a deal!

!!!WARNING!!!

DO NOT modify, rename, copy or move any file. You can DAMAGE them and decryption will be impossible!
DO NOT use any third-party or public decryption software, it also may DAMAGE files.

There is ONLY ONE possible way to get back your files.
Do not waste your time, contact us and pay for special DECRYPTION TOOL. The tool is all you need.
For your guarantee we can decrypt 2 of your text or image files for free, as a proof that it works.

Your network was fully COMPROMISED! We can discuss how to secure it as a bonus.
The data that we gathered could be published in MASS MEDIA for BREAKING NEWS!
If we make a deal everything would be kept in secret and all your data will be restored.
I could make them public them if you decide not to pay.
Contact us immediately:

genesishelp@mail.ee
genesishelp@cock.li

Your Personal ID: –

Most common ransomware distribution methods and how to dodge it

Nowadays, malware[1] is spread out through the internet and is hiding in plain sight. Hackers use different techniques to infect the devices of everyday computer users. But, the cybercriminals use two methods most frequently to distribute ransomware – spam emails and file-sharing platforms.

We've all got some spam mail in our lives, most of it isn't very harmful. But nonetheless, all spam emails must be dealt with caution. Ransomware might be hidden either in the infected attachments or in hyperlinks leading to malicious sites. Please never open or download any email attachments without scanning them with a reliable anti-malware app first, and don't open any links in emails containing grammatical errors or other inconsistencies.

Cybercriminals love to upload their created ransomware to torrent websites because no one examines the uploads. Only the end-user can find it out the hard way what was in the torrent. Hackers name their uploads as something that would catch the eye of a soon to be victim, like a game crack for the latest game or some pirated, expensive software. Refrain from using such sites.

Genesis virus detection rate

Tutorial on how to remove Genesis ransomware and perform a system sweep

As we've mentioned in the first paragraph, all malware should be eliminated immediately. The longer any computer virus stays in your device, the more harm it could do. Genesis ransomware removal should be left to professional anti-malware software, although each of the computers should be disconnected from the network, if such is present.

According to VirusTotal,[2] 45 out of 70 virus engines caught the sample of this malware. So we recommend using any of these two dependable anti-malware apps SpyHunterCombo Cleaner or MalwarebytesMalwarebytes to remove Genesis ransomware. Keep your anti-virus software updated so you could be protected.

Unfortunately, removing Genesis virus won't unlock your files but don't doubt for a second before deleting it anyway. There are other ways you could try to recover your data, but first, experts[3] advise to perform a full system scan with a system repair tool like the FortectIntego app to restore any changes that the file-locking virus might have made to the system files and settings.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.