Gedantar ransomware gets its name from its main malicious file, “gedantar.exe”. Because it is a ransomware infection, the results of it infecting your computer can be devastating – it will lock your files and then ask for a ransom to be paid.
The cyber criminals behind this infection want you to pay the ransom, after which they will provide you with a decryptor and never contact you again. However, we suggest a different scenario – remove the virus itself first and then look for alternative methods to unlock your files.
Actually, you won’t have to look very far – in this article we will try to provide all of the assistance you might need to solve this problem effectively.
Gedantar virus targets Russian-speaking users
It is believed that the Gedantar infection is just a new, updated version of the Unlock92 virus, so we already know a lot about it. Yet that does not mean it will be any easier to deal with – if your computer is infected with Gedantar, you will face a lot of difficulties.
Even though it is obvious that this virus targets a Russian-speaking audience, you can get infected even if you live in the US or Europe and don’t know a single word of Russian. In fact, that makes things even more complicated, because you won’t be able to understand their message, which explains what has happened and what you should do. The original text of the ransom note delivered by Gedantar:
Ваши файльi были зашифрованы с помощью алгоритма Г5А-2048 Если вы хотите их вернуть то отправьте один из зашифрованных файлов на е-mai1: [email protected]
Если вы не получили ответ в течение суток то скачайте с сайта л.огрго]ес.согл браузер ТОК и с его помощью зайдите на сайт http://n3r2kuzhw2h7x6j5.onion – там будет указан действующий и почтовый ящик.
Попытки самостоятельного восстановления файлов могут безвозвратно их испортить!
Translated into English, it would look like this:
Your files were encrypted using the G5A-2048 algorithm. If you want to return them, send one of the encrypted files to e-mail: [email protected]
If you do not receive a reply within 24 hours, download the TOR browser and use it to go to the site http://n3r2kuzhw2h7x6j5.onion – there you will see your current situation and the mailbox.
Attempts to repair files yourself can irrevocably ruin them!
As you can see, the crooks behind Gedantar ransomware claim that your files were encrypted using the strong G5A-2048 encryption algorithm and that, in order to decrypt them, you need to download the Tor browser, enter the deep web, contact them at the email [email protected] and receive further instructions.
Browsing the deep web is dangerous in itself, and we genuinely do not recommend doing what those crooks tell you to. It is not known how much you will be asked to pay, but regardless of that, it’s not worth paying the ransom.
The extension applied to encrypted files is indeed unique and strange. Gedantar inserts 8 random characters between the file name and its extension. For instance, if you had a file called “file.txt”, it will now look like “file.8 random symbols.txt”.
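A triage sketch for the naming pattern described above, added here as an example and not taken from the original article or from any vendor tool: it lists files named name.<8 characters>.ext together with the name each one had before, which helps when matching them against a backup. It assumes the eight characters are ASCII letters or digits (the article does not say), and the skip for all-digit tokens and the per-directory threshold are heuristics chosen for illustration.

```python
import os
import re
import sys
from collections import defaultdict

# Assumption: the inserted characters are ASCII letters or digits.
# The article only says "8 random characters".
RENAMED = re.compile(r"^(?P<stem>.+)\.(?P<token>[A-Za-z0-9]{8})\.(?P<ext>[^.]+)$")


def parse_renamed(filename, skip_numeric=True):
    """Return (original_name, token) if filename fits stem.<8 chars>.ext."""
    m = RENAMED.match(filename)
    if m is None:
        return None
    token = m.group("token")
    # Heuristic: eight digits are far more often a date stamp (20240131)
    # than a random marker, so they are ignored unless asked for.
    if skip_numeric and token.isdigit():
        return None
    return m.group("stem") + "." + m.group("ext"), token


def scan(root, min_hits=3):
    """Map each directory under root to its (current, original) name pairs.

    A directory is reported only when at least min_hits files match,
    because a single matching name is weak evidence on its own.
    """
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_renamed(name)
            if parsed:
                hits[dirpath].append((name, parsed[0]))
    return {d: sorted(v) for d, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    # Usage: python triage.py <directory>   (read-only, nothing is renamed)
    for directory, entries in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(directory)
        for current, original in entries:
            print(f"  {current}  (was {original})")
```

The script only reads directory listings; it does not rename or modify any file, so it is safe to run before the system has been cleaned or imaged.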
The very first thing you need to do after finding out that your computer is infected is to remove this virus with a reliable anti-malware application. We suggest using Spyhunter for this task. Scan your computer with either one of those tools and Gedantar virus should be removed immediately.
Sadly, this won’t unlock your files. What’s even worse – a free decryptor for this virus is not available yet, so your shot at getting your files back is to restore them from a backup. Most Windows operating systems create backup files automatically, so if you were lucky enough and your backup file was not damaged by the virus, please follow these system restore instructions and retrieve your personal files.
Also, we highly recommend reading our security guide against ransomware – it will help you avoid infections like this in the future.