Ransomware Research

Galacti-Crypter Ransomware

Galacti-Crypter is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on August 1, 2019, this ransomware has been actively targeting systems worldwide.

Quick Facts

Ransomware Family
Galacti-Crypter
First Seen
August 1, 2019

How Galacti-Crypter Ransomware Works

Targeted Files

587bd876ba5e45292032d684f3c5512a4768608b51f7f2f422ffb97bbe1b2cb2 not presented on VT

File Encryption Patterns

Galacti-Crypter modifies encrypted files using specific patterns to mark them as encrypted:

Prefixes added to encrypted files:

ENCx45cR

Ransom Note and Payment Demands

After encrypting files, Galacti-Crypter displays ransom notes demanding payment for file recovery:

message

Ransom message:

notes/note.txt

Note locations:

Login

Technical Indicators

Associated Executable Files

The following executable files are associated with Galacti-Crypter ransomware:

  • Trojan.Ransom.GalactiCrypter.exe
  • GL.exe
  • Trojan.Ransom.GalacticCrypter.exe
  • Ransomware GalacticCrypter.exe
  • GLA.EXE

Recovery and Decryption Tools

Good news! Decryption tools are available for Galacti-Crypter ransomware:

0

Elastio Can Help You

Don't let Galacti-Crypter ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Galacti-Crypter ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Galacti-Crypter.

Last updated: July 30, 2025