
Gibon Ransomware

Posted: November 6, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 47
First Seen: November 6, 2017
OS(es) Affected: Windows

The Gibon Ransomware is a Trojan that locks all of the files on your computer, except for the contents of the Windows folder. This Trojan's campaign has various connections with Russian resources and spamming activities, although its encryption and ransoming components are compatible with Windows PCs around the world. Malware analysts recommend having your anti-malware programs vet any downloads you receive over e-mail to intercept and remove the Gibon Ransomware before it can attack your files.

What One Cybercrook can Do to You Over a Network

Despite their popularity in the Black Hat marketplace, file-locking Trojans aren't a united front of consistent design ideology. One of the sharpest divides between Trojans of this category is the use of offline or online-based attacks, with the former offering more reliability at the cost of the flexible configuration of the latter. While malware researchers have yet to come to a definitive conclusion on which approach is superior for harming computer media, the Gibon Ransomware does epitomize many of the advantages of a network-dependent Trojan.

The threat actor controls the Gibon Ransomware through an administrator's panel, which the Gibon Ransomware 'pings' repeatedly and queries with additional, in-depth data requests for customizing its payload. These features include:

  • Every victim receives an automatic registration on the Gibon Ransomware's C&C server, which differentiates between them with a timestamp-based, Base64-encoded label.
  • A second string, using the same encoding method, is sent back to the Gibon Ransomware and provides the majority of its 'ransom note.' Threat actors use these messages to ask for money for undoing the file-locking damage of the associated Trojan's attacks, although malware analysts currently have no details on payments.
  • The Gibon Ransomware creates a key for blocking the victim's media locally, instead of acquiring one from the C&C server. However, it also transfers the key over to the threat actor.

These network activities all support the Gibon Ransomware's central function of blocking files with encryption. Although the unreadable data is identifiable through the appended '.encrypt' extension, the Gibon Ransomware makes this precaution almost unnecessary since it blocks everything outside of the Windows directory.
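For assessing the damage described above, here is an added example (not code from the original article or from any vendor tool): a read-only Python scan that lists files carrying the '.encrypt' suffix outside the top-level Windows folder and recovers their original names. The function names and the sample folder tree are constructed for illustration, and the case-insensitive suffix match is an assumption.

```python
import os
import tempfile
from collections import Counter

MARKER = ".encrypt"       # extension the article says is appended
SKIP_TOP = {"windows"}    # the article says the Windows folder is left alone

def triage(root):
    """Return (affected paths, per-directory counts, files examined)."""
    affected, per_dir, total = [], Counter(), 0
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:  # prune the Windows folder at the volume root only
            dirnames[:] = [d for d in dirnames if d.lower() not in SKIP_TOP]
        for name in filenames:
            total += 1
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                affected.append(os.path.join(dirpath, name))
                per_dir[os.path.relpath(dirpath, root)] += 1
    return sorted(affected), per_dir, total

def original_name(path):
    """File name before the marker was appended (input for a decryptor run)."""
    return os.path.basename(path)[: -len(MARKER)]

def build_sample_tree(root):
    """Constructed sample data: a tiny fake volume, not real victim files."""
    layout = {
        ("Users", "ann", "Documents"): ["report.docx.encrypt", "budget.xlsx.encrypt"],
        ("Users", "ann", "Pictures"): ["cat.jpg.encrypt", "notes.txt"],
        ("Windows", "System32"): ["kernel32.dll", "odd.encrypt"],
    }
    for parts, names in layout.items():
        folder = os.path.join(root, *parts)
        os.makedirs(folder, exist_ok=True)
        for name in names:
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"constructed")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        affected, per_dir, total = triage(root)
        return [original_name(p) for p in affected], dict(per_dir), total

if __name__ == "__main__":
    names, per_dir, total = demo()
    print(f"{len(names)} of {total} files outside Windows end in {MARKER}")
    for folder, count in sorted(per_dir.items()):
        print(f"{count:4d}  {folder}")
```

The per-directory counts show where the damage is concentrated, and the recovered names give the list of files to check after running a decryptor.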

Quarantining an E-Mailed Menace

Malware researchers can verify repeated attacks trying to install the Gibon Ransomware via e-mail attachments, which may be targeting either general PC users or particular sectors of business that are yet to be determined. Scanning your downloads with appropriate security software and disabling content that's often risky, such as macros, can eliminate many of the risks of these infection vectors. If unable to prevent an attack, victims can unlock their files without paying the Gibon Ransomware's administrator by using the freeware decryptors that are currently available.

Since malware experts see no 'offline mode' options for the Gibon Ransomware's payload, users who identify the issue in time and disconnect their online connections immediately may be able to save their files from any intended damages. However, in worst-case scenarios, the unusually wide degree of media damage that the Gibon Ransomware causes may force the user to use peripheral storage devices to regain access to the necessary security software. Modern anti-malware programs should delete the Gibon Ransomware without any issues other than the persistent data loss that's remediable with other solutions.

The average user should be thankful that the Gibon Ransomware's authors invested in their networking features significantly without putting the same time into securing its file-locking attacks. If they had done so, one's chances of retrieving anything that the Gibon Ransomware blocks could become zero easily.
