
Geneve Ransomware

Posted: October 2, 2020

The Geneve Ransomware is a file-locking Trojan that can block media on your computer by encrypting each file, such as documents or pictures. Blocked files may carry random extensions, and the Trojan also leaves an HTML ransom note that asks for money (currently, 800 USD in Bitcoins). For defense, most cyber-security services should block installation attempts or remove the Geneve Ransomware after its installation.

Well-Polished Threats with Hands Held Out for Ransoms

There's little difficulty in programming a file-locking Trojan, since it leverages features that even amateur programmers can customize with free resources. However, Ransomware-as-a-Service operations still are popular among a particular segment of the threat landscape, and what might be a new iteration of the business model is appearing. The new Geneve Ransomware could be a one-time-only, independent threat, but its ransom note format suggests otherwise.

The Geneve Ransomware uses encryption – currently, malware experts estimate the traditional choice of AES-256 with an RSA key – for blocking digital media files on Windows systems. After completing the attack, it labels each file with an apparently random extension of alphabetic characters, such as 'fezmm.' It also removes the user's Shadow Volume Copy data, eliminating an obvious recovery point for the victim.

The campaign for the Geneve Ransomware provides English language HTML pages as ransom notes. The page uses a configurable format, with data entry fields for information like e-mails, IDs, and ransom amounts. So far, it asks for a ransom that's not too dissimilar from that of the STOP Ransomware family, at eight hundred USD in Bitcoins. Future attacks may modify any of the Geneve Ransomware's contact information or price points for different victims and administrators, which is a point in favor of its being a Ransomware-as-a-Service.
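As an added triage example (not code from the original article or from any vendor tool), the following Python script applies the two indicators the article gives: a cluster of files in one directory sharing a previously unseen, purely alphabetic extension such as 'fezmm', and an HTML file sitting beside them as a candidate ransom note. The file listing, the extension allow-list and the cluster threshold are constructed assumptions, not values from the campaign.

```python
import re
from collections import Counter

# Constructed file listing (forward slashes for portability); four files in two
# directories carry the apparently random extension 'fezmm' named in the article.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/report.docx.fezmm",
    "C:/Users/alice/Documents/budget.xlsx.fezmm",
    "C:/Users/alice/Documents/notes.txt.fezmm",
    "C:/Users/alice/Documents/readme.html",      # candidate ransom note
    "C:/Users/alice/Pictures/holiday.jpg.fezmm",
    "C:/Users/alice/Pictures/cat.png",
    "C:/Users/alice/Pictures/archive.tar",
    "C:/Program Files/App/app.exe",
]

# Assumed allow-list; extend it with whatever is normal in the environment so
# that legitimate short alphabetic extensions (json, yaml, ...) do not fire.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "jpg", "png", "txt", "html", "htm",
                    "exe", "dll", "json", "yaml", "toml"}
# Geneve-style extension: purely alphabetic; the length bounds are an assumption.
RANDOM_EXT = re.compile(r"^[a-z]{4,8}$")


def _ext(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def suspicious_extensions(paths, min_files=3):
    """Map each unknown, alphabetic extension to its file count, keeping only
    those seen on at least min_files files (a cluster, not one stray odd file)."""
    counts = Counter(_ext(p) for p in paths)
    return {ext: n for ext, n in counts.items()
            if n >= min_files and ext not in KNOWN_EXTENSIONS and RANDOM_EXT.match(ext)}


def find_ransom_notes(paths, min_files=3):
    """HTML files in directories that hold clustered encrypted files. The article
    says the note is HTML but gives no filename, so every such file is a candidate."""
    hits = suspicious_extensions(paths, min_files)
    affected_dirs = {p.rsplit("/", 1)[0] for p in paths if _ext(p) in hits}
    return sorted(p for p in paths
                  if p.rsplit("/", 1)[0] in affected_dirs and _ext(p) in ("html", "htm"))


if __name__ == "__main__":
    print(suspicious_extensions(SAMPLE_LISTING))   # {'fezmm': 4}
    print(find_ransom_notes(SAMPLE_LISTING))
```

On a real host, feed the functions a listing produced by walking the user's profile directories; copy any flagged HTML note and a sample of encrypted files before touching anything else, since the note's contact fields are the evidence that links an infection to a campaign.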

Taking the Financing Out of Foundational Trojan Businesses

In file-locking attacks, victims should avoid paying ransoms whenever possible. Doing so encourages new campaigns from the same threat actor and further work on any associated software or Ransomware-as-a-Service infrastructure. Furthermore, paying for a decryptor doesn't always result in the customer receiving one, or may deliver buggy software that doesn't correctly decrypt file data.

Users who test a decryption tool should create copies of the files in question before running them through a decryption routine, so that they can recover from any corruption. Still, malware researchers recommend backups as the superior option in all cases. Typically, secure removable devices or most cloud services will prevent the Geneve Ransomware's attacks from causing any damage that the user can't roll back.

A professional anti-malware service should account for most file-locking Trojans, including independents like this one and families like Hidden Tear or the Djvu Ransomware. For these tools, removing the Geneve Ransomware should prove trivial.

The degree of nuance in the Geneve Ransomware's ransom note might seem solely aesthetic, but it hints at underlying importance and organization. Still, any user with a good backup can rest easy, knowing that RaaSes and lone Trojans alike aren't much of a concern.
