
Gesd Ransomware

Posted: December 9, 2019

The Gesd Ransomware is a file-locking Trojan that's part of the STOP Ransomware's Ransomware-as-a-Service family. By renting the Trojan software out to third parties, the RaaS business creates numerous variants, all of which can block your files with encryption. Because free decryption isn't guaranteed, users should attend to their backup practices for safety and let anti-malware services delete the Gesd Ransomware from their PCs as appropriate.

The Next Version of Expensive File Problems

As with any programming project, a Trojan business that depends on iterating upon itself will usually retain all of its starting focus while adding new complexities or efficiencies, such as more secure encryption or heuristics evasion. Between the Truke Ransomware's 1.05, the Dodoc Ransomware's 1.25, the Davda Ransomware's 095, the Boston Ransomware's 099, and the Gesd Ransomware's 0191, there is a wealth of samples showing how the STOP Ransomware Ransomware-as-a-Service makes its money. The Gesd Ransomware is one of the later versions but, still, makes few unexpected swerves in its payload.

Windows users may download the Gesd Ransomware unintentionally by exposing their browsers to the Fallout Exploit Kit's scripted attacks, by interacting with corrupted e-mail attachments or through torrents. The Gesd Ransomware's primary feature abuses encryption with AES and RSA algorithms for locking content securely. A disabled Internet connection can block the Gesd Ransomware's C&C contact and facilitate recovering any files that the Trojan locks. Still, the limited symptoms mean that doing so in time can be a matter of luck.

As support for its locking behavior, the Gesd Ransomware changes files' extensions into 'gesd' strings, which is in line with this family's use of semi-random characters for its theme. The Trojan also creates text ransom notes that keep to the formatting malware experts see in current STOP Ransomware versions, with demo links, discounts for paying quickly and a 980 USD ransom for unlocking. Criminals are, unfortunately, not always reliable decryption partners, even for victims who pay immediately.
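As an added illustration (not from the original article) of how a defender might spot the extension change described above in endpoint file-event logs, the following Python flags a host once several renames to '.gesd' land within a short window. The log format, the window, the threshold and the hostnames are assumptions, and the log lines are constructed:

```python
"""Toy detection of a Gesd-style encryption burst in file-event logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

GESD_EXT = ".gesd"               # extension the article reports for this variant
WINDOW = timedelta(seconds=60)   # assumed detection window
THRESHOLD = 5                    # assumed: .gesd renames per host inside WINDOW

# Constructed sample log, one event per line: "<ISO timestamp> <host> <action> <path>"
SAMPLE_EVENTS = r"""
2019-12-09T10:00:01 ws-07 RENAME C:\Users\ann\Documents\budget.xlsx.gesd
2019-12-09T10:00:02 ws-07 RENAME C:\Users\ann\Documents\notes.docx.gesd
2019-12-09T10:00:04 ws-07 RENAME C:\Users\ann\Pictures\holiday.jpg.gesd
2019-12-09T10:00:05 ws-07 RENAME C:\Users\ann\Pictures\cat.png.gesd
2019-12-09T10:00:07 ws-07 RENAME C:\Users\ann\Desktop\todo.txt.gesd
2019-12-09T10:00:09 ws-07 RENAME C:\Users\ann\Desktop\report.pdf.gesd
2019-12-09T10:00:10 ws-07 CREATE C:\Users\ann\Desktop\invoice.pdf
2019-12-09T10:05:00 ws-02 RENAME C:\Users\bob\draft.docx.gesd
2019-12-09T10:20:00 ws-02 RENAME C:\Users\bob\final.docx
2019-12-09T10:21:00 ws-02 CREATE C:\Users\bob\archive.zip
"""

def parse_events(text):
    """Parse log lines into (timestamp, host, action, path) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, action, path = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, action, path))
    return events

def gesd_burst_hosts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {host: total .gesd renames} for hosts with >= threshold renames in any window."""
    per_host = defaultdict(list)
    for ts, host, action, path in events:
        if action == "RENAME" and path.lower().endswith(GESD_EXT):
            per_host[host].append(ts)
    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start = 0                       # sliding window over sorted timestamps
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(gesd_burst_hosts(parse_events(SAMPLE_EVENTS)))  # ws-07 only; ws-02 stays below threshold
```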

Making Your Media a Hard Target for Ransoms

The Gesd Ransomware may also drop related threats onto Windows environments, including AZORult, which exfiltrates passwords. Since the STOP Ransomware family is explicitly profit-motivated, the theft of passwords is likely to facilitate cross-machine network encryption, deleting backups or gaining credentials for selling on the black market. Sufficiently robust network security features, like 2FA, restricted RDP, and avoiding brute-forcible logins, can shore up these vulnerabilities.

Malware researchers are seeing cases of the Gesd Ransomware in the wild, rather than merely testing detection rates against conventional threat databases. However, its distribution model isn't known. Criminals could be leveraging the random distribution nature of torrenting networks or using browser-based attacks like an Exploit Kit. Workers should deactivate unsafe browser features whenever browsing a possibly unsafe site and always avoid opening files from sources without safe reputations unless they've scanned them first.

Although limited decryption or unlocking solutions are possible with the STOP Ransomware's releases, preventing the initial damage is a different matter. Nearly all anti-malware products are proven effective against this family and should delete the Gesd Ransomware, assuming that they're active and not notably outdated.

When the 'same old, same old' continues getting ransoms out of the deal, criminals have little incentive for reworking their business models. The Gesd Ransomware is another regular workday at the office for extortionists, and its victims are, hopefully, just as dedicated to their day-to-day backups.
