Gryphon Ransomware Removal Guide

Do you know what Gryphon Ransomware is?

Gryphon Ransomware can encipher any data found on the victim’s computer except files associated with the device’s operating system, graphics card files, and other critical data the computer needs to run smoothly. Otherwise, it would be difficult to display a ransom note. The note is a text document containing a message from the cyber criminals who developed the malware. Its purpose is to convince the user to pay the requested sum in exchange for a decryption tool. However, the deal might be more complicated than it looks. There is always a possibility you could end up being scammed, since these people cannot offer any guarantees or be trusted. Therefore, instead of risking your savings, we advise you to eliminate Gryphon Ransomware by following the removal guide placed below or by running a full system scan with a reputable antimalware tool. Readers who wish to know more details about the threat are invited to have a look at the rest of the text.

The malicious application can appear on the system after the user opens a suspicious email attachment, setup file, etc. Gryphon Ransomware’s first task is to encrypt all targeted files without the user noticing what is happening. As we said before, the malware can harm most of the data located on the device. Our researchers report the infection makes exceptions only for files in the Program Files, Program Files (x86), Windows, Application Data, and a few other directories. All other data should be enciphered with a strong cryptosystem and marked with a second extension, .gryphon, e.g. image.jpg.gryphon, text.docx.gryphon, video.mkv.gryphon, and so on. Sadly, such files become unusable as you can no longer access them.

Furthermore, after the targeted data is enciphered, Gryphon Ransomware might place a ransom note in the %APPDATA% directory and create a Registry entry to be able to launch this document automatically. The ransom note tries to convince the user there is no use in looking for other decryption options and that he should pay the ransom to purchase “GRYPHON DECRYPTER” from the malware’s creators. It does not say how much the ransom is, but it would probably be paid in Bitcoins, as most of the hackers who develop such malicious applications ask to use this currency to remain anonymous. It is true your files cannot be decrypted without a unique decryption tool. Nonetheless, there is also a possibility that volunteer IT specialists could develop a free decryption tool, although it could take time and there are no guarantees. There is one other method that should work for anyone: simply replacing the enciphered files with copies from removable media devices, cloud storage, and so on.

Even if you have no way to get your data back, we would still advise you not to deal with the hackers, as it might be too risky. The price could be huge, and even if they prove they can decrypt files by deciphering three files according to their offer, in the end there is no knowing whether they will keep their promise. Thus, instead of risking your money and waiting for a promised tool you may never get, we recommend erasing the malware. At least this way you will be able to make a fresh start. Users who want to get rid of Gryphon Ransomware manually should follow the removal guide located below. As for our readers who would prefer using automatic features, we suggest installing a reputable antimalware tool and scanning the system.

Erase Gryphon Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Launch the Task Manager.
  3. Open the Processes tab and locate a process belonging to the malware.
  4. Select this process and press the End Task button.
  5. Exit Task Manager.
  6. Tap Windows Key+E.
  7. Get to your Desktop, Temporary Files, and Downloads folders.
  8. Find the file that infected the system.
  9. Right-click the suspicious file and press Delete.
  10. Navigate to C:\Users\user\AppData\Roaming
  11. Locate the ransom note, right-click it and press Delete.
  12. Close the File Explorer.
  13. Press Windows Key+R, type Regedit and tap OK.
  14. Find the listed path: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  15. Find a key with a value data pointing to the ransom note’s location, e.g. C:\Users\user\AppData\Roaming\Info.txt
  16. Right-click this key and select Delete.
  17. Close the Registry Editor.
  18. Empty the Recycle bin.
  19. Reboot the device.
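
Steps 13 to 16 can also be checked from a PowerShell prompt. The script below is an added example, not part of the original guide or any vendor tool: it lists values under the HKCU Run path whose data points at a document inside the Roaming AppData folder, and deletes them only when asked. The extension list and the `-Remove` switch are assumptions made for this example; the guide itself names only Info.txt as a sample note location.

```powershell
# Added example: audit HKCU Run values that launch a document from %APPDATA%.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch: delete the flagged values instead of only listing them.
    [switch]$Remove
)

$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$appData = [Environment]::GetFolderPath('ApplicationData')  # C:\Users\<user>\AppData\Roaming

# Assumption: a ransom note is a document (e.g. Info.txt), not an executable.
# Match a path under %APPDATA% that ends in a document extension.
$pattern = [regex]::Escape($appData) + '\\[^"<>|]*?\.(txt|hta|html?)(?=$|["\s])'

$key = Get-Item -LiteralPath $runPath -ErrorAction Stop

# Named values only; GetValue() expands REG_EXPAND_SZ data such as %APPDATA%\...
$flagged = foreach ($name in ($key.GetValueNames() | Where-Object { $_ })) {
    $data = [string]$key.GetValue($name)
    if ($data -match $pattern) {
        [pscustomobject]@{
            Name   = $name
            Data   = $data
            Target = $Matches[0]
            # A missing target is still worth removing: the note may already be deleted.
            Exists = Test-Path -LiteralPath $Matches[0]
        }
    }
}

if ($Remove) {
    foreach ($entry in $flagged) {
        if ($PSCmdlet.ShouldProcess("$runPath\$($entry.Name)", 'Remove Run value')) {
            Remove-ItemProperty -LiteralPath $runPath -Name $entry.Name
        }
    }
}

# Emit the findings so they can be reviewed or exported (e.g. | Format-List).
$flagged
```

Run it without arguments first to review what is flagged; add `-Remove -WhatIf` to preview the deletions before committing to them.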

In non-techie terms:

Gryphon Ransomware is a threat that might damage all your valuable files in a short period. The malicious application may work silently, so you could learn of its presence only after it opens a ransom note. As usual, the hackers demand a payment and promise to help decrypt damaged files if you comply with their demands. The problem is you cannot be one hundred percent sure they will not scam you, and so if you do not want to risk losing your money, we would recommend eliminating the infection at once. The process should not be too complicated, and you can follow the removal guide located above to make it even easier. Lastly, if you want a more effortless way to get rid of the malware, you can simply install a reputable antimalware tool and let it handle the threat.