
Geminis Ransomware

Posted: April 29, 2020

The Geminis Ransomware is a file-locking Trojan that abuses freeware data-compression software to take your digital media hostage. Its attacks are monetized through text ransom notes, like most Trojans of the same classification. Dependable backups give victims a complete recovery path for their data, and proper anti-malware programs should find, block, and delete the Geminis Ransomware from compromised computers.

Even One of this Trojan Twin is Too Many

Small-name operators in hacking and cyber-extortion can be less predictable and more unorthodox in their campaigns than the streamlined Ransomware-as-a-Service businesses. Individual Trojans like the Mr.Dec Ransomware, the Craftul Ransomware, and the Lockout Ransomware wield data-damaging potential equivalent to that of any Hidden Tear variant or Jigsaw Ransomware clone. With the Geminis Ransomware, however, appearances may be deceptive.

The Geminis Ransomware, a Windows Trojan, has most of the traits expected of any file-locking threat. It adds its extension to filenames while blocking the related files from opening, and asks for Bitcoin ransoms through text messages. However, the Geminis Ransomware uses a highly untraditional, zip archive-based means of locking content: a 7-Zip freeware executable that it drops as part of its payload. It also uses a reasonably simple, CMD-based method of searching for target files, such as the DOC, JPG, PDF, XLS, ZIP, RAR, MP3 and MP5 formats.
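Because the Trojan wraps documents in archives rather than encrypting them in place, a responder can confirm that mechanism quickly by checking file signatures. The following triage script is an added example written for this article; it is not the Trojan's own code and not from any vendor tool. It assumes that locked files keep their original document extension and gain an appended suffix (the '.locked' suffix used below is a placeholder, as the page does not state the real extension), and that the wrapped content is a 7-Zip or zip container. The walk and the sample directory it builds are constructed here for demonstration.

```python
"""Triage helper: find documents that have been wrapped in an archive.

Added example for the Geminis Ransomware write-up; not the Trojan's code.
Assumptions (placeholders, not facts from the page):
  - locked files look like 'report.doc.locked' (original ext + new suffix)
  - the container is a 7z or zip archive, detected by its magic bytes
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 6-byte 7-Zip archive signature
ZIP_MAGIC = b"PK\x03\x04"                # zip local-file-header signature

# File types the article says the Trojan searches for ("MP5" as written there).
TARGET_EXTS = {".doc", ".jpg", ".pdf", ".xls", ".zip", ".rar", ".mp3", ".mp5"}


def classify_container(path: Path) -> Optional[str]:
    """Return '7z' or 'zip' if the file starts with that archive signature, else None."""
    with path.open("rb") as fh:
        head = fh.read(len(SEVENZIP_MAGIC))
    if head.startswith(SEVENZIP_MAGIC):
        return "7z"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return None


def find_archived_documents(root: Path) -> List[Dict[str, str]]:
    """Walk `root` and report files whose name carries a target document extension
    followed by an extra suffix and whose content is actually an archive."""
    hits: List[Dict[str, str]] = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        suffixes = [s.lower() for s in path.suffixes]
        # Need the original extension plus an appended one, e.g. ['.doc', '.locked']
        if len(suffixes) < 2 or suffixes[-2] not in TARGET_EXTS:
            continue
        kind = classify_container(path)
        if kind is not None:
            hits.append({"path": str(path), "original_ext": suffixes[-2], "container": kind})
    return hits


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: two wrapped documents, one untouched PDF, one decoy."""
    (root / "report.doc.locked").write_bytes(SEVENZIP_MAGIC + b"\x00" * 26)
    (root / "photo.jpg.locked").write_bytes(ZIP_MAGIC + b"\x00" * 26)
    (root / "notes.pdf").write_bytes(b"%PDF-1.4\n")            # not wrapped
    (root / "readme.txt.locked").write_bytes(b"plain text")    # .txt is not a target type


def run_demo() -> List[Dict[str, str]]:
    """Build the sample tree in a temp dir, scan it, and return hits by basename."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        hits = find_archived_documents(root)
    # Report basenames only so the result does not depend on the temp path
    return sorted(
        (
            {"name": Path(h["path"]).name, "original_ext": h["original_ext"], "container": h["container"]}
            for h in hits
        ),
        key=lambda h: h["name"],
    )


if __name__ == "__main__":
    for hit in run_demo():
        print(f"{hit['name']}: {hit['original_ext']} document inside a {hit['container']} archive")
```

A positive result only establishes that the files are archives rather than opaque ciphertext; whether they open without a key depends on whether the archive was created with a password, which this write-up does not state. Run the scan over copies taken from the affected machine, never over the originals, so that nothing a responder does alters the evidence.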

This command-line based blocking method is, however, sufficient to keep documents and similar content from opening indefinitely while the threat actor demands a ransom. The Geminis Ransomware's ransom demand is far lower than what competing threat actors typically ask, a trait that malware researchers often correlate with 'budget' campaigns. As such, the Geminis Ransomware may circulate through indiscriminate tactics such as torrents named after popular movies, and is unlikely to feature in targeted attacks against workplace networks.

The Cracks in Low-Budget Black Hat Software

Some versions of the Geminis Ransomware use 'prueba2' filenames; 'prueba' is the Spanish word for 'proof', which may help narrow down the likely infection vectors. Besides the torrents mentioned above and similarly illicit download links, malware researchers also point to insecure server settings as a possible source of risk. Users with exposed RDP or poorly chosen passwords put themselves at notable risk of having their files locked by opportunistic extortion campaigns such as the Geminis Ransomware's.

Although the Geminis Ransomware claims to use 'military-grade' encryption, its payload is, as described above, a modest piece of programming that offloads most of its work to third-party software. Users may contact security researchers with experience examining this category of Trojan for help. They also may recover from any available backups, and malware experts see no sign in the Geminis Ransomware's samples of it erasing the local Restore Points.

The right anti-malware products will find and delete the Geminis Ransomware from Windows systems properly. Victims may also consider submitting samples to improve threat databases and detection statistics.

Although the Geminis Ransomware is astrology-themed, there's little that's shining about its campaign. Nonetheless, looking at even a dim star like the Geminis Ransomware can be a blinding experience – at least, for one's media.
