
Gerkaman@aol.com Ransomware

Posted: September 1, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 54
First Seen: September 1, 2016
OS(es) Affected: Windows


The 'Gerkaman@aol.com' Ransomware is a file encryption Trojan that blocks access to your data by encrypting it. Since this threat is a probable member of the Crysis Ransomware family, PC users may have no free alternative to its extortion scheme, and paying the ransom isn't guaranteed to produce a compatible decryptor. A good anti-malware defense and regular backups are the most reliable ways of protecting your information and of removing the 'Gerkaman@aol.com' Ransomware before it can launch an attack.

The Trojan Piercing Even Your Best Effort Firewall

The steady stream of new Trojans devoted to encrypting data, often without any recovery solution, sometimes overwhelms even the most diligent PC security companies. As this arms race continues, fresh groups of threat actors keep surprising malware researchers with their dedication to defeating established security products in order to deliver the same standard payload of file-encrypting attacks. Even paying a high price for professional network security isn't foolproof, as the early attacks of the 'Gerkaman@aol.com' Ransomware demonstrate.

The 'Gerkaman@aol.com' Ransomware attacks, first confirmed in March, keep within the pattern most often seen in the family of Trojans built from the CrySiS toolkit. Like its other family members, from the 'Mailrepa.lotos@aol.com' Ransomware to the Masterlock@india.com Ransomware, the 'Gerkaman@aol.com' Ransomware uses encryption algorithms to encode your files automatically and appends both an e-mail contact and an extension (the '.xtbl' tag that it shares with Troldesh-based threats) to the end of their names.

The standard operating procedure for these Trojans includes demanding an anonymous means of ransom payment, such as a Bitcoin wallet transaction, after which the con artists may or may not help decrypt your data. Malware researchers found more unusual attributes in the 'Gerkaman@aol.com' Ransomware's distribution methods, which have a track record of getting past premium firewall features. Notably, the Comodo company's Host Intrusion Prevention System, or HIPS, a feature explicitly designed to block corrupted executables like the 'Gerkaman@aol.com' Ransomware, also was demonstrably ineffective at stopping this threat.

Turning Up the Heat on Surprisingly Evasive Threats

PC owners should never take the occasional ability of Trojans like the 'Gerkaman@aol.com' Ransomware to evade the usual anti-malware solutions as a reason to ignore useful security measures, such as running a firewall. The PC security sector provides routine updates for combating new Trojan campaigns and recovering from the worst damage, such as file-encrypting attacks. However, even the best anti-malware products are imperfect substitutes for PC owners who act responsibly, avoid unsafe downloads, and rotate through a set of strong passwords regularly.

Very often, third-party methods can't decode data encrypted by Trojans based on CrySiS, potentially including the 'Gerkaman@aol.com' Ransomware. Setting the contents of your hard drive to back themselves up to a cloud server or another device is the best fail-safe against all data-encrypting Trojans. Of course, malware analysts also recommend removing the 'Gerkaman@aol.com' Ransomware with your anti-malware tools before restoring data that would otherwise be equally vulnerable to another attack.

Even the best security software doesn't convey complete immunity to the campaigns of a skilled threat author. At best, the 'Gerkaman@aol.com' Ransomware is a reminder that PC security is a constant back-and-forth skirmish that's unlikely to end anytime soon.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: CLEAN_GERK_2.0.exe
Path: %SystemDrive%\Users\<username>\AppData\Local
Size: 380.41 KB (380416 bytes)
MD5: 56d7fdc09e6edc3701b179bcffc33277
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 1, 2016
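As an added example (not code from the original page or from any vendor), the following triage script looks for the two indicators the page gives: the dropped CLEAN_GERK_2.0.exe under the user's AppData\Local folder (by name or by the listed MD5) and files renamed with an appended e-mail contact plus the '.xtbl' tag. The exact layout of a renamed file (original name, then e-mail, then '.xtbl') and the sample directory tree are assumptions for illustration.

```python
import hashlib
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# Indicators taken from the page's Technical Details section.
KNOWN_MD5 = "56d7fdc09e6edc3701b179bcffc33277"
DROPPER_NAME = "CLEAN_GERK_2.0.exe"

# Assumed layout of a renamed file: <original>.<e-mail contact>.xtbl
# The page states only that both the e-mail and '.xtbl' are appended.
RENAMED_RE = re.compile(
    r"\.[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\.xtbl$", re.IGNORECASE
)


def md5_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root: Path) -> dict:
    """Walk a tree and report dropper hits and apparently encrypted files."""
    findings = {"dropper": [], "encrypted": []}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.name.lower() == DROPPER_NAME.lower() or md5_of(p) == KNOWN_MD5:
            findings["dropper"].append(rel)
        elif RENAMED_RE.search(p.name):
            findings["encrypted"].append(rel)
    return findings


def demo() -> dict:
    """Constructed sample tree; file contents are placeholders, not malware."""
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        local = root / "Users" / "victim" / "AppData" / "Local"
        local.mkdir(parents=True)
        (local / DROPPER_NAME).write_bytes(b"placeholder, not the real binary")
        docs = root / "Users" / "victim" / "Documents"
        docs.mkdir()
        (docs / "budget.xlsx.gerkaman@aol.com.xtbl").write_bytes(b"\x00" * 16)
        (docs / "notes.txt").write_bytes(b"plain text, untouched")
        return triage(root)
```

Run `triage(Path(r"C:\"))` on a live host to sweep the whole drive; a hit on the dropper path alone should be treated as an infected machine and isolated before any backups are restored.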