Gerkaman@aol.com Ransomware
Posted: September 1, 2016
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 54 |
| First Seen | September 1, 2016 |
| OS(es) Affected | Windows |
The 'Gerkaman@aol.com' Ransomware is a file encryption Trojan that blocks access to your data by encrypting it. Since this threat is a probable member of the Crysis Ransomware family, the 'Gerkaman@aol.com' Ransomware may be able to prevent PC users from using free alternatives to its extortion plan, which itself isn't guaranteed to give them a working decryptor. A good anti-malware defense and regular backups are the most reliable ways of protecting your information or removing the 'Gerkaman@aol.com' Ransomware before it can launch an attack.
The Trojan Piercing Even Your Best Effort Firewall
The steady release of new Trojans devoted to encrypting data, potentially without any recovery solution, sometimes can overwhelm even the most diligent PC security companies. As this arms race continues, fresh groups of threat actors surprise malware researchers with their dedication to beating old security solutions in order to deliver a standard payload of file-encrypting attacks continually. Even paying a high price for professional network security isn't foolproof, as the early attacks of the 'Gerkaman@aol.com' Ransomware demonstrate.
The 'Gerkaman@aol.com' Ransomware's attacks, first confirmed in March, keep within the standards most often seen in the family of Trojans built on the CrySiS toolkit. Along with its other family members, from the 'Mailrepa.lotos@aol.com' Ransomware to the Masterlock@india.com Ransomware, the 'Gerkaman@aol.com' Ransomware uses encryption algorithms to encode your files automatically and appends both an e-mail contact and an extension (the '.xtbl' tag that it shares with Troldesh-based threats) to the end of their names.
The standard operating procedure for these Trojans includes asking for an anonymous means of being paid a ransom, such as a Bitcoin wallet transaction, after which the con artists may or may not help decrypt your data. Malware researchers found more unusual attributes in the 'Gerkaman@aol.com' Ransomware's distribution methods, which have successful histories of penetrating premium firewall features. In particular, the Comodo company's Host Intrusion Prevention System, or HIPS, a feature explicitly designed for blocking corrupted executables like the 'Gerkaman@aol.com' Ransomware, was also demonstrably ineffective at stopping this threat.
Turning Up the Heat on Surprisingly Evasive Threats
PC owners should never take the periodic ability of Trojans like the 'Gerkaman@aol.com' Ransomware to evade usual anti-malware solutions as a sign to ignore useful security measures, such as having a firewall. The PC security sector provides routine updates for combating new Trojan campaigns and recovering from the worst damages, such as file-encrypting attacks. However, even the best anti-malware products are imperfect substitutes for PC owners who act responsibly, avoid unsafe downloads, and rotate through a set of strong passwords with regularity.
Very often, third-party methods can't decode the data encrypted by Trojans based on CrySiS, potentially including the 'Gerkaman@aol.com' Ransomware. Setting the contents of your hard drive to back themselves up to a cloud server or another device is the best fail-safe against all data encryption Trojans. Of course, malware analysts also recommend removing the 'Gerkaman@aol.com' Ransomware with your anti-malware tools before copying over new data that could be equally vulnerable to another attack.
Even the best security software doesn't convey complete immunity to the campaigns of a skilled threat author. In its best light, the 'Gerkaman@aol.com' Ransomware is a reminder that PC security is a constant back-and-forth skirmish that's unlikely to end anytime soon.
Technical Details
File System Modifications
The following files were created on the system:
%SystemDrive%\Users\<username>\AppData\Local\CLEAN_GERK_2.0.exe
File name: CLEAN_GERK_2.0.exe
Size: 380.41 KB (380416 bytes)
MD5: 56d7fdc09e6edc3701b179bcffc33277
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Local
Group: Malware file
Last Updated: September 1, 2016
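A small triage script, added here as an example and not part of this page or any vendor tool, that applies two facts the page states: encrypted files carry an e-mail contact plus the '.xtbl' extension appended to their names, and the dropped executable has the listed MD5 and byte size. The exact layout of the renamed files is not given on the page, so the pattern below assumes a dot-delimited, dot-free e-mail local part immediately before '.xtbl'; the sample names are constructed.

```python
import hashlib
import os
import re
from typing import Dict, List, Optional, Tuple

# Indicator values quoted from this page's Technical Details section.
DROPPED_FILE_MD5 = "56d7fdc09e6edc3701b179bcffc33277"
DROPPED_FILE_SIZE = 380416

# Assumption (not stated on the page): the appended contact is dot-delimited and its
# local part contains no dots, so the original file name is not swallowed by the match.
XTBL_NAME_RE = re.compile(
    r"([A-Za-z0-9_+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\.xtbl$", re.IGNORECASE
)


def xtbl_contact(filename: str) -> Optional[str]:
    """Return the extortion e-mail embedded in a CrySiS-style '.xtbl' name, else None."""
    match = XTBL_NAME_RE.search(os.path.basename(filename))
    return match.group(1).lower() if match else None


def scan_names(names: List[str]) -> Dict[str, List[str]]:
    """Group renamed files by the contact address they carry (one key per campaign)."""
    hits: Dict[str, List[str]] = {}
    for name in names:
        contact = xtbl_contact(name)
        if contact:
            hits.setdefault(contact, []).append(name)
    return hits


def matches_dropped_file(md5_hex: str, size: int) -> bool:
    """True when both the MD5 and the byte size equal the page's dropped-file indicator."""
    return md5_hex.lower() == DROPPED_FILE_MD5 and size == DROPPED_FILE_SIZE


def file_md5_and_size(path: str) -> Tuple[str, int]:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size


if __name__ == "__main__":
    # Constructed sample of a user's documents after an attack.
    sample = ["budget.xlsx", "report.docx.id-12.gerkaman@aol.com.xtbl", "notes.txt.xtbl"]
    print(scan_names(sample))
```

Pointing `file_md5_and_size` at the %SystemDrive%\Users\<username>\AppData\Local path from the page and feeding the result to `matches_dropped_file` confirms whether the listed dropper is present; a plain '.xtbl' name with no contact is deliberately not counted, since the page ties that extension to other families too.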