A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. Once installed, GetCrypt will encrypt all of the files on a computer and then demand a ransom payment to decrypt the files. How GetCrypt encrypts a computer Security researcher Vitali Kremez who also saw nao_sec's tweet analyzed the ransomware and found some interesting features, which he shared with BleepingComputer. When the exploit kit executes the ransomware, GetCrypt will check if the Windows language is set to Ukrainian, Belarusian, Russian, or Kazakh. If it is, the ransomware will terminate and not encrypt the computer. When encrypting files it does not target particular file types, but rather encrypts every file that is not located in or under the following folders: :\$Recycle.Bin :\ProgramData :\Users\All Users :\Program Files :\Local Settings :\Windows :\Boot :\System Volume Information :\Recovery AppData GetCrypt Encrypted Files While encrypting files, GetCrypt will also create ransom note named # decrypt my files #.txt in each folder that is encrypted and on the desktop.