
Gremit Ransomware

Posted: November 4, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 84
First Seen: November 4, 2016
OS(es) Affected: Windows


The Gremit Ransomware is a Trojan that may encode or delete your files, as well as display pop-ups asking for Bitcoins for restoring them. Most PC users should be able to reduce any damage from the Gremit Ransomware's payload to negligible levels by keeping backups in locations this Trojan can't access. Using specialized anti-malware software is the only means of uninstalling the Gremit Ransomware that malware experts can officially endorse.

An Eye into a Trojan's Development

The process of creating and deploying a Trojan is as granular as that of any other kind of software development, and, sometimes, the PC security sector happens upon a sample that is a clear work-in-progress. The Gremit Ransomware is one of the newest of these threats, but already, its author has prioritized having fully-functioning encryption attacks before the rest of this Trojan's code is complete. Its campaign uses data encryption along with a simple lock screen window to block the compromised PC and force its operator to pay a ransom.

Most file-encrypting Trojans use AES-based algorithms for their data-encoding attacks, and the Gremit Ransomware upholds this pattern. The Gremit Ransomware targets files based on their directory locations, and current versions of the Gremit Ransomware only attempt encrypting the 'C:\Users\Tim\encrypt' folder. Although this restriction marks the Gremit Ransomware as a still-developing threat without a public release, the encryption attack is entirely functional at encoding, and blocking, any files in the relevant location. Currently, the Gremit Ransomware attacks data without checking for specific format types, which is a marked deviation from the strategies deployed by similar threats.

The Gremit Ransomware's more user-unfriendly attacks also include HTML pop-ups that it uses to block the desktop UI. Affected PC operators are asked to pay a ransom of only 0.03 Bitcoins (slightly over twenty USD) to restore their content to normal, a much lower demand than those of most data-ransoming Trojans.

Cutting Off a New Threat Campaign Before It Can Be Born

Although cheap, the Gremit Ransomware offers no more certainty than other threats that transferring money to the threat actor manning its administration panel will result in decryption help in return. Preferred strategies for recouping from these attacks rely on having backups that the Gremit Ransomware can't encrypt or delete, such as copying your files over to USB devices that aren't left plugged into the PC.

Content requiring decryption will include the new extension of '.rnsmwr' appended to any old extensions. Many families of file-encrypting Trojans are susceptible to decoding efforts by third parties, such as PC security companies willing to invest in freeware decryptors. If needed, ask for assistance in data recovery from appropriate entities before permanently removing the Gremit Ransomware with your anti-malware program.
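The backup advice and the '.rnsmwr' marker described above can be combined into a quick triage pass. The following is an added example, not code from the original article or from any vendor tool: it lists files carrying the appended extension and checks whether a backup tree holds each original. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

RANSOM_EXT = ".rnsmwr"  # marker extension quoted on this page


def original_name(name):
    """Strip the appended marker; return None if the file is not marked."""
    if len(name) > len(RANSOM_EXT) and name.lower().endswith(RANSOM_EXT):
        return name[: -len(RANSOM_EXT)]
    return None


def triage(scan_root, backup_root):
    """Sort marked files by whether the backup holds their original."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    report = {"restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(scan_root):
        for fn in files:
            orig = original_name(fn)
            if orig is None:
                continue  # file does not carry the marker
            rel = (Path(dirpath) / orig).relative_to(scan_root)
            key = "restorable" if (backup_root / rel).is_file() else "no_backup"
            report[key].append(rel.as_posix())
    return {k: sorted(v) for k, v in report.items()}


def demo():
    """Run triage over a constructed tree (sample data, not real victim files)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for p in (live / "docs", backup / "docs"):
            p.mkdir(parents=True)
        (live / "docs" / "report.docx.rnsmwr").write_bytes(b"\x00")
        (live / "docs" / "photo.jpg.rnsmwr").write_bytes(b"\x00")
        (live / "docs" / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        return triage(live, backup)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

Files listed under `no_backup` are the ones worth holding for a possible third-party decryptor rather than deleting.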

Whether or not the Gremit Ransomware will prove profitable to its threat actor is largely up to the actions and precautions of its potential victims. No matter how affordable a ransom for your files might be, malware analysts are always willing to remind PC owners that a good backup is even cheaper than a fraction of a Bitcoin.
