
Giyotin Ransomware

Posted: September 25, 2018

The Giyotin Ransomware, also known by the alias Guillotine Ransomware, is a Turkish-based Trojan that displays warning messages asking for ransom money. Although this is its only feature for now, future releases of this threat could include updates, such as encrypting your files to prevent them from opening. Keeping backups is the best way to protect your media from encryption-abusing attacks, and various anti-malware programs should delete the Giyotin Ransomware without problems.

Turkey Gets the Looming Threat of More Blocked Files

The Middle East is less often a target of file-locker Trojans' campaigns than regions like Europe or North America, but among the nations of that area, Turkey is one of the top victims of such attacks. Malware researchers can verify another Trojan in development that is aimed at victims in that country, following precedents among similar Black Hat software such as the Kripto64 Ransomware, the data-erasing Tedcrypt Ransomware, the Sifreli Ransomware, and the GitHub code-based Ramsomeer Ransomware. Although the Giyotin Ransomware has yet to receive the encryption that's central to all file-locker Trojans' payloads, further updates are likely to remove that weakness.

The samples of the Giyotin Ransomware available to malware researchers thus far include a complete set of ransoming instructions, along with warnings about the encryption and locking of the user's local files. These file-locking attacks may modify the names or extensions of any digital media and are very likely to harm text documents, archives, audio, pictures, video and Microsoft Office-related work. Which means of encryption the Giyotin Ransomware might use cannot be determined at this time, although AES-256 is a prominent choice among threat actors.

The Giyotin Ransomware displays its ransoming message through a pop-up window showing a local Web page that blocks the user's desktop UI. The contents are in Turkish only but otherwise follow the traditional pattern: they ask for a Bitcoin payment before the victim contacts the criminal for decryption help. Since the threat actor is asking for under a hundred dollars in the cryptocurrency, malware researchers rate it as unlikely that the Giyotin Ransomware is aiming for corporate servers rather than random Windows users or small businesses.

A Cost-Efficient Way of Banishing a Skull and Crossbones

The Giyotin Ransomware's pop-up, appropriately, displays a modernized image of the traditional pirate logo, which emphasizes the author's intention of extorting money under the threat of violence to the victim's files. However, since no version of the Giyotin Ransomware includes an encryption feature for the moment, malware researchers can't provide any assistance on potential file-unlocking solutions. If the Giyotin Ransomware's code borrows from a well-known family, such as Hidden Tear, free decryption may be a possibility. Alternatively, users can always recover their work from secure backups.

Network and server administrators should avoid using brute-forcible login credentials, which leave systems open to attackers who drop file-locker Trojans and run them manually, often via RDP exploits. Corrupted e-mail messages are also a notably favored means of circulating threats of this type. Users with secure passwords, appropriate Remote Desktop settings, and the habit of having their anti-malware products analyze incoming files should be able to delete the Giyotin Ransomware or block its installation before it does any damage.

Turkey continues its historical tendency of being a recurring victim of criminals who favor quick-and-easy attacks that block content in return for Bitcoins, but where a computer resides isn't the only risk factor. Encryption like that which the Giyotin Ransomware may wield in future releases is just as versatile when used irresponsibly, and can damage work on PCs around the world and on most OSes.
