Genocheats Ransomware Removal Guide

Do you know what Genocheats Ransomware is?

Malicious file-encryptors from the Hidden Tear family keep emerging, and the newest one to join the group is Genocheats Ransomware. The creator of this infection has used the same code that was used by the developers of Satan’s Doom Ransomware, Crypt0 HT Ransomware, and many other malicious threats alike. Some of these threats could be linked to the same cyber criminal, but, most likely, they are operated by different parties. Although all of these infections have similarities, they are also very unique, and so it is necessary to review every single threat as a unique infection. Needless to say, they all must be deleted, and if you keep reading, you will learn how to remove Genocheats Ransomware. Make sure to communicate with us via the comments section if anything is unclear.

When the launcher of the malicious Genocheats Ransomware is dropped onto the computer – our research team informs that that is most likely to happen when the user opens a spam email attachment – the threat immediately copies itself to a new folder in the %HOMEDRIVE% directory. Your user name is used to name this folder, which is why not all users will be able to find and delete the malicious copy right away. Once the threat is in place, it silently connects to the internet to download a JPG file from (it is renamed to “ransom.jpg”), as well as to send the encryption key. When it comes to the encryption process, the threat has a set list of types of files that it is meant to corrupt (e.g., ".txt", ".doc", ".jpg", and ".mp3"). Once these files are corrupted, they get the “.encrypted” extension at the end of their names. It is also notable that Genocheats Ransomware should only encrypt files in folders that are located in the %USERPROFILE% directory. Unfortunately, you cannot recover files by removing the infection.

After the encryption, Genocheats Ransomware creates a file named “READ_IT.txt” on the Desktop. Since it is a TXT file, it can be encrypted as well, but if it is not, it is meant to inform you that you are meant to send “10$ BTC” to the 3Fr6KwRoWFNjGdqV6GjBKKytsgimgdxf7Q Bitcoin Address and then email cyber criminals at to get a password. This password, allegedly, would help you recover your files. That is not the case. First of all, it is not exactly clear what the actual ransom is. Is it 10 BTC or is it 10 USD? At the moment, 10 BCT is around 138,000 US Dollars, and 10 USD is 0 Bitcoin. Whatever the case is, do not get involved in any payments because the creator of Genocheats Ransomware will not give you any password or decryptor in return. Do not waste your time with that, and quickly delete this malware.Genocheats Ransomware Removal GuideGenocheats Ransomware screenshot
Scroll down for full removal instructions

If you follow the instructions below, you will delete Genocheats Ransomware from your Windows operating system yourself. Note that although the original launcher file should delete itself upon execution, you want to check if that is what happens, which is why we strongly recommend that you scan your system after you complete the removal process. Of course, that is not what you must do. If you do not want to erase malware manually, you can install anti-malware software. This is, without a doubt, the best option because you need the protection this software can provide you with. Besides protecting the system, you also need to take care of your personal files. Back them up to ensure they are not affected by malware in the future.

Remove Genocheats Ransomware

  1. Launch Task Manager by tapping keys Ctrl+Shift+Esc.
  2. Click the Processes tab and look for any malicious processes.
  3. If you find any (and you need to be 100% sure about it), terminate them by clicking End Process.
  4. Launch Windows Explorer by tapping keys Win+E.
  5. Enter %HOMEDRIVE% into the bar at the top.
  6. Delete the folder named after your {user name} (it should contain the Rand123 folder and ransom.jpg file).
  7. Move to the Desktop and Delete the file named READ_IT.txt.
  8. Empty Recycle Bin to eliminate all of these components.
  9. Acquire a reliable malware scanner and run a full system scan to check if your system is clean.

In non-techie terms:

Genocheats Ransomware is a malicious infection that was created to encrypt your files. If it is successful at that, you are stuck with a strange ransom demand. It is unclear whether the developer of this infection wants you to pay 10 Dollars or 10 Bitcoins, and both of these demands are ridiculous. Unfortunately, the password that is promised in return is unlikely to be provided to you in either case. It is likely that if your files are encrypted, you will not be able to recover them. Unless, of course, they are backed up, and you have backup copies to fall back onto. When it comes to removal, you can delete Genocheats Ransomware manually, but we suggest using anti-malware software, primarily because of the protection it can provide.