Ransomware Gwisin

Gwisin ransomware has been increasing the number of its attacks around the world. Asian countries, such as Korea, have been the target of an unprecedented wave of Gwisin ransomware attacks.

Unlike other ransomware, Gwisin chooses and studies its victims very carefully. Each of them unknowingly undergoes a detailed analysis before being attacked.

Gwisin ransomware is distributed in MSI installation file format and then the means of spreading the virus becomes customized for each victim. This is exactly why it takes time to study the target before the attack.

Being able to infect both Windows and Linux operating systems, Gwisin has spooked experts by its very high infection speed. The support for file encryption even without safe mode has also caught the attention of experts.

Once the encryption process is complete, the infected files are given an extension with the company’s own name.

The operatives then leave a ransom note called “Restore-My-Files.txt” in the environment. In the same file the victim will find the step-by-step instructions for contacting the group responsible for the attack and recovering his or her data. The amount of the ransom will also be mentioned, usually ranging around 0.005BTC (approximately 120.00$USD).

Although many victims will agree to pay the ransom, this is not recommended practice as hackers are criminals who offer no real guarantees for the return of stolen data.

After suffering an attack, a company or institution needs to be very well monitored. Digital Recovery can be counted on for this.

Recover files encrypted by Gwisin ransomware

Digital Recovery is a data recovery company with an experience of over 23 years in the market. Our experts have developed innovative ways to recover data encrypted by ransomware.

Our solutions allow us to recover files that have been encrypted on databases, servers, storage devices, RAID systems, virtual machines and other systems.

All of these solutions can also be run remotely and deployed quickly and securely to any company in the world.

Knowing that confidentiality is essential for any organization that has been hacked, we have established a confidentiality agreement (NDA) that we make available to all our customers.

We can begin the recovery process immediately; just give us a call and request an advanced diagnostic.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Recuperar Ransomware Makop

Makop Ransomware

Makop ransomware has been expanding through its affiliate program, RaaS (Ransomware as a Service), a tactic that aims to seek partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.