Gwisin Ransomware

Gwisin ransomware has been increasing the number of its attacks around the world. Asian countries, such as Korea, have been the target of an unprecedented wave of Gwisin ransomware attacks.

Unlike other ransomware, Gwisin chooses and studies its victims very carefully. Each of them unknowingly undergoes a detailed analysis before being attacked.

Gwisin ransomware is distributed in MSI installation file format and then the means of spreading the virus becomes customized for each victim. This is exactly why it takes time to study the target before the attack.

Able to infect both Windows and Linux operating systems, Gwisin has spooked experts by its rather high infection speed. The support for file encryption even without safe mode has also caught the attention of experts.

Once the encryption process is complete, the infected files gain an extension with the company’s own name.

The operatives then leave a ransom note called “Restore-My-Files.txt” in the environment. In the same file, the victim will find the step-by-step instructions to contact the group responsible for the attack and recover their data. The amount of the ransom will also be mentioned, usually ranging around 0.005BTC (approximately $120.00USD).

Although many victims will agree to pay the ransom, this is not recommended practice as hackers are criminals who offer no real guarantees for the return of stolen data.

After suffering an attack, a company or institution needs to be very well monitored. For this, you can count on Digital Recovery.

Recover files encrypted by Gwisin ransomware

Digital Recovery is a data recovery company with an experience of over 23 years in the market. Our experts have developed innovative ways to recover data encrypted by ransomware.

Our solutions allow us to recover files that have been encrypted on databases, servers, storage devices, RAID systems, virtual machines and other systems.

All these solutions can also be executed remotely and adopted quickly and securely in any company in the world.

Knowing that confidentiality is essential for any organisation that has been hacked, we have established a confidentiality agreement (NDA) that we make available to all our clients.

We can begin the recovery process immediately; simply call us and request an advanced diagnostic.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Récupérer le Ransomware Makop

Makop Ransomware

The Makop ransomware has grown through its affiliate programme, RaaS (Ransomware as a Service), a tactic that aims to find partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.