
Gendarmerie Ransomware

Posted: November 2, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 68
First Seen: November 2, 2017
OS(es) Affected: Windows

The Gendarmerie Ransomware is a Trojan that pretends to be part of an FBI-endorsed attack while blocking the media files on your computer. As with similar threats that use harmful cryptography, users can protect their work easily by backing their drives up to other devices, and malware experts also recommend testing free decryptors instead of paying a ransom. Professional anti-malware programs, such as brand-name products with a track record against Hidden Tear, are ideal for removing the Gendarmerie Ransomware without causing any further damage.

Hidden Tear Goes into Law Enforcement

Unsurprisingly, threat actors are still eager to use the free and straightforward code of Utku Sen's Hidden Tear for blocking media and demanding money after the fact. However, one recent variation on this theme, the Gendarmerie Ransomware, adds details of an old tactic to help push its extortion's success rate. Along with the traditional symptoms, such as locking files individually with encryption, the Gendarmerie Ransomware also pretends to be a product of the FBI.

The Gendarmerie Ransomware, as its name suggests, targets French speakers, although malware researchers have yet to confirm public attacks using the Trojan. Its core features include the locking of files, such as documents or images, with AES-based encryption that uses a static, hard-coded key instead of a dynamically generated, per-victim one. Its name marker for all blocked media, the '.hacking' extension, may be intended as a placeholder until the threat actors develop additional, thematic components for the Trojan's payload.

The Gendarmerie Ransomware also creates a Notepad file for the victim to read that includes most of this campaign's more unusual elements. While the Gendarmerie Ransomware does offer the traditional choice of paying its con artists for a file-unlocking solution, it asks for payment in Neosurf coupons instead of a typical cryptocurrency. According to our malware experts' prior investigations, these prepaid voucher-based ransoms are most common among file-locking threats operating in Europe. The Gendarmerie Ransomware's message also is notable for including fake FBI and law enforcement references, making the Trojan appear to be a legal, punitive tool instead of illicit software.
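The file-level symptoms described above (the '.hacking' extension on locked media and a note that pairs a law-enforcement claim with a Neosurf demand) can be turned into a quick triage check. The script below is an added example for this write-up, not the vendor's tool or the Trojan's code; the indicators come from the text, while the flagging threshold and the sample file listing are assumptions constructed for illustration.

```python
"""Triage heuristic for the symptoms this write-up attributes to the
Gendarmerie Ransomware. Added example; thresholds and sample data are assumed."""
import os
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up.
LOCKED_EXTENSION = ".hacking"
POLICE_TERMS = ("fbi", "gendarmerie", "police")
VOUCHER_TERM = "neosurf"
# Assumed threshold: one odd filename is noise, a cluster of them is not.
MIN_LOCKED_FILES = 5


def is_suspect_note(text: str) -> bool:
    """A note is suspect when it claims police authority AND demands a voucher,
    the combination the write-up describes for this Trojan's message."""
    lowered = text.lower()
    return any(t in lowered for t in POLICE_TERMS) and VOUCHER_TERM in lowered


def triage(entries):
    """entries: iterable of (relative_path, text_or_None). Text is only supplied
    for small readable files (candidate notes). Returns a summary dict."""
    entries = list(entries)
    locked = [p for p, _ in entries if p.lower().endswith(LOCKED_EXTENSION)]
    notes = [p for p, text in entries if text is not None and is_suspect_note(text)]
    per_dir = Counter(os.path.dirname(p) or "." for p in locked)
    return {
        "locked_count": len(locked),
        "locked_dirs": dict(per_dir),
        "notes": notes,
        "suspect": len(locked) >= MIN_LOCKED_FILES or bool(notes),
    }


def triage_directory(root):
    """Walk a real directory tree; only .txt files are read as candidate notes."""
    root = Path(root)
    entries = []
    for path in root.rglob("*"):
        if path.is_file():
            text = path.read_text(errors="ignore") if path.suffix.lower() == ".txt" else None
            entries.append((str(path.relative_to(root)), text))
    return triage(entries)


# Constructed sample listing (not a real infection): three locked files and a note.
SAMPLE = [
    ("Documents/rapport.docx.hacking", None),
    ("Documents/photo.jpg.hacking", None),
    ("Pictures/vacances.png.hacking", None),
    ("Documents/notes.txt", "Meeting at 10, bring the quarterly numbers."),
    ("Documents/LISEZ.txt", "Vos fichiers sont bloques par le FBI. Payez avec un coupon Neosurf."),
]
```

Run `triage(SAMPLE)` or `triage_directory("/path/to/user/profile")`; the report lists locked-file counts per directory and any suspect notes so that a responder can confirm before restoring from backup.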

Keeping a Bad Cop Crying for Money

Although the Gendarmerie Ransomware's police tactic uses minimal, cosmetic elements and omits the graphical lock screens once popular in older European Trojans, it does carry a real possibility of damaging your files. Since malware experts rate the chances of a successful third-party solution for the Gendarmerie Ransomware as high, victims may want to contact trustworthy anti-malware researchers for any file-unlocking assistance they require. Having backups that can recover your files without a decryptor is ideal, although you always should attend to any ongoing security issues, such as a Gendarmerie Ransomware infection, first.

The Gendarmerie Ransomware is, like any Hidden Tear variant, a Windows-only threat that, despite its language preferences, may run and block media on PCs around the world. Trojans with similar payloads usually circulate through known methods, such as spam e-mails, and often disguise themselves as harmless content. Anti-malware protection can help both with uninstalling the Gendarmerie Ransomware and with detecting its installer before any attack can happen.

No matter what country you're in, law enforcement will never ask for legal fees through channels like prepaid vouchers or cryptocurrencies. Hoaxes like those in the up-and-coming Gendarmerie Ransomware campaign benefit primarily from reflexive fear and ignorance of the law among those they attack, which makes knowledge and preparation critical defenses.
