
Gerber Ransomware

Posted: December 10, 2018

The Gerber Ransomware is part of the Delphimorix Ransomware family. It uses the RC6 encryption as a method of blocking files on your computer and creates pop-up windows asking for ransom payments for unlocking them. Having backups can safeguard your media against these threats, although free decryption services also are possible, and most anti-malware applications can remove the Gerber Ransomware from your computer preemptively.

The Delphimorix Ransomware Gets into Baby Branding

An addition to the Delphimorix Ransomware's small family, a minor variant of the Delphimorix Red Ransomware, is circulating via the traditional 'freeware' methods. The Gerber Ransomware first tricks users into running it with the promise of a gaming crack. Instead, it blocks local files and demands a ransom for decrypting them back to normal. Other than the cosmetic and disguise changes, malware experts rate the Gerber Ransomware as little different from its immediate predecessors in this Trojan family.

The Gerber Ransomware's name is consistent between two versions of the threat, which it promotes in its pop-up ransom note. There are no changes to the encryption feature that the Gerber Ransomware 1.0 and the Gerber Ransomware 2.0 use for locking files (which runs off of the RC6 encryption), and the 'update' from the former to the latter may be due to the threat actor's needing to change e-mail accounts. Importantly, malware experts find both versions of the Gerber Ransomware pretending that they're cracks for Counter-Strike: Global Offensive, which became free-to-play as of early December.

While the Delphimorix Ransomware family isn't dedicated spyware, the Gerber Ransomware does include some limited keylogging features that may monitor the user's behavior or collect credentials. Typically, a Gerber Ransomware infection, if not blocked by appropriate AV software, will encrypt and lock media such as documents or pictures to keep users from opening their files. The 'XY6LR' extension that the Gerber Ransomware appends to their names serves as an identifier for anyone who needs to sort their undamaged data from the damaged copies.

Growing Out of Infantile Ransomware Attacks

Like some other file-locker Trojans that malware analysts see circulating, the Gerber Ransomware shows evidence of an author who is unfamiliar with English and compensates with automated translators. Its distribution tactic isn't regionally specific, since CS:GO is free to download for Steam users everywhere. The Gerber Ransomware's executable also advertises technical details, such as DLL injection, that may make it look legitimate to casual game pirates and other users with an interest in illicit software tampering. Torrents and fake freeware sites are two of the most traditional infection vectors for threats using these hoaxes.

Michael Gillespie, a noted cyber-security researcher with significant experience in file-locker Trojan analysis, is offering free decryption for any files locked by members of this family. Users may contact him for assistance with the unlocking solution, although those with backups on secure devices can manage recovery without decryptors. As in most cases, a professional anti-malware product should delete the Gerber Ransomware before it even starts its installation.

The Gerber Ransomware may be a childish name for a Trojan, but file-locker Trojans cause data loss that is of real, financial concern to all PC users. Anyone working in a Windows environment and cultivating an interest in first-person shooters will be doing their files a favor by avoiding cheat engines and cracks, which can be problematic in very unexpected ways.

Update December 7th, 2018 — Gerber 2.0 Ransomware

The Gerber 2.0 update features new email and file extension

The Gerber 2.0 Ransomware is a slightly modified variant of the Gerber Ransomware. It was first spotted by malware researchers who identified a fake Counter-Strike cheat flagged by anti-virus software. It is likely that the authors of the Gerber 2.0 Ransomware plan to spread their harmful application by disguising it as a cheat for various online or offline games. However, what the unlucky cheaters who download the infected application might not know is that they may lose the majority of their files as soon as they try to launch the fake cheat program.

The Gerber 2.0 Ransomware once again utilizes the file ‘Decrypt.TXT’ to store its ransom message, but it uses the email fidonet_world@filemail.cc for contact.

Unfortunately, the Gerber 2.0 Ransomware is not decryptable via free utilities, and its victims will need to find an alternative file recovery method. Contacting the attackers and asking them for help is out of the question, since it would be too easy for them to take their victims' money without providing anything in return.

Update December 7th, 2018 — Gerber 3.0 Ransomware

The Gerber 3.0 Ransomware comes with broken encoding and a new extension

The most recent Gerber variant has been dubbed the Gerber 3.0 Ransomware, and the changes it includes are the email geraxiy@kerasinov@yandex.com, as well as the broken encoding of the ransom note. According to malware experts, the Gerber 3.0 Ransomware is expected to use the ‘.FJ7QvaR9VUmi’ extension to mark the files it locks. This version also may not be decryptable, and the victims would need to look for alternative file restoration options.
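The extension markers described above ('XY6LR' for the original Gerber Ransomware and '.FJ7QvaR9VUmi' for Gerber 3.0) and the 'Decrypt.TXT' ransom note are the only indicators this write-up names, and they are enough for a first triage pass: sorting locked files from undamaged ones and locating the notes before deciding on recovery. The script below is an added example, not code from the original write-up or from any decryption tool; it uses only those page-stated indicators, and the directory tree it scans is constructed in the script for demonstration. The Gerber 2.0 extension is not named on the page, so it is not included.

```python
"""Triage helper for a suspected Gerber Ransomware infection.

Added example, not code from the original write-up. Indicators used are
only those the write-up names: the '.XY6LR' extension (original Gerber),
the '.FJ7QvaR9VUmi' extension (Gerber 3.0) and the 'Decrypt.TXT' note.
The sample directory tree is constructed below; it is not real data.
"""
import os
import tempfile
from pathlib import Path

# Extension -> variant label, as stated on the page (Gerber 2.0's
# extension is not named there, so it is deliberately absent).
GERBER_EXTENSIONS = {".XY6LR": "Gerber (1.0)", ".FJ7QvaR9VUmi": "Gerber 3.0"}
RANSOM_NOTE_NAME = "Decrypt.TXT"


def classify_path(path):
    """Return (kind, variant) for one file: kind is 'note', 'locked' or 'clean'."""
    name = Path(path).name
    if name.lower() == RANSOM_NOTE_NAME.lower():
        return "note", None
    for ext, label in GERBER_EXTENSIONS.items():
        # Exact, case-sensitive match: the marker is appended verbatim.
        if name.endswith(ext):
            return "locked", label
    return "clean", None


def original_name(locked_name):
    """Strip the appended Gerber marker to recover the pre-encryption file name."""
    for ext in GERBER_EXTENSIONS:
        if locked_name.endswith(ext):
            return locked_name[: -len(ext)]
    return locked_name


def triage(root):
    """Walk `root` and sort every file into notes, locked and clean buckets.

    Locked entries are (path, recovered_original_name) pairs, and a per-variant
    count shows which Gerber version's marker was seen.
    """
    report = {"notes": [], "locked": [], "clean": [], "variants": {}}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            p = Path(dirpath) / f
            kind, label = classify_path(p)
            if kind == "note":
                report["notes"].append(str(p))
            elif kind == "locked":
                report["locked"].append((str(p), original_name(f)))
                report["variants"][label] = report["variants"].get(label, 0) + 1
            else:
                report["clean"].append(str(p))
    return report


def build_sample_tree():
    """Constructed sample tree mimicking a partially locked user profile."""
    root = Path(tempfile.mkdtemp(prefix="gerber_triage_"))
    (root / "Documents").mkdir()
    (root / "Documents" / "thesis.docx.XY6LR").write_bytes(b"\x00" * 16)
    (root / "Documents" / RANSOM_NOTE_NAME).write_text("placeholder note text")
    (root / "Pictures").mkdir()
    (root / "Pictures" / "cat.jpg.FJ7QvaR9VUmi").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "dog.jpg").write_bytes(b"\xff\xd8\xff")
    return root


def summarize(report):
    """Human-readable summary of a triage report."""
    lines = [
        f"ransom notes: {len(report['notes'])}",
        f"locked files: {len(report['locked'])}",
        f"clean files:  {len(report['clean'])}",
    ]
    for label, n in sorted(report["variants"].items()):
        lines.append(f"  {label}: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(build_sample_tree())))
```

The recovered original names are only a convenience for the inventory: the file contents are still encrypted, and the report is meant to inform a restore-from-backup or a request to the free decryption service mentioned above, not to replace either.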
