
GlUTe Ransomware

Posted: May 15, 2020

The GlUTe Ransomware is a file-locker Trojan that stops documents and similar media from opening by encrypting each file in turn. Since this Trojan is a product of the free Xorist Ransomware kit, victims may recover their data through a compatible, public decryptor or use backups. Having anti-malware products available will prevent most infections and assist with uninstalling the GlUTe Ransomware without unwanted side effects.

A Toolkit Trojan that's Majoring in Ransom Note Theft

The Xorist Ransomware isn't as widely used as more secure alternatives, like the premium Ransomware-as-a-Service families and even Hidden Tear. Despite its drawbacks, including a publicly available decryptor, criminals occasionally pick it up and customize a Trojan for a new campaign. The GlUTe Ransomware is the latest example, following the EnCiPhErEd Ransomware, the MCrypt2019 Ransomware, the MBRCodes Ransomware and the PrOtOnIs Ransomware.

The GlUTe Ransomware is a typical output of the Xorist Ransomware Trojan-building toolkit. The Trojan is a Windows program that encrypts files with either XOR or TEA so that they no longer open, appends its customized extension to their names and drops a text ransom note. Its most identifiable trait is the extortionist message: oddly, the TXT file's text is a copy of the Major Ransomware family's equivalent. The instructions are in English, but the original's grammatical errors are carried over unchanged, which leaves the author's professionalism and nationality equally doubtful.

Malware researchers' investigation into the GlUTe Ransomware's ransoming activity also turns up details implying that the threat actor isn't experienced or highly trained. Despite being out in the wild, the GlUTe Ransomware has yet to collect any ransoms; its demand, converted from Bitcoin, comes to roughly six hundred and fifty US dollars. Its wallet also shows completely unrelated activity dating back to 2019, rather than having been opened just for this Trojan's campaign.

The Path to Having a Criminal's Dusty Wallet Stay Empty

The Shadow Volume Copies and the Restore Points that depend on them are a possible means of recovering content that a file-locking Trojan like the GlUTe Ransomware holds hostage. Users shouldn't depend on the Restore Points alone: most families of Trojans with harmful encryption features delete such backups by default, typically by running vssadmin, WMIC or similar commands. As an extra means of saving files against infection scenarios, malware experts highly recommend keeping additional backups on non-local, password-protected devices or services.
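As an added example, not code from the original article or from any Xorist variant, the Python block below runs a small detector over constructed Sysmon-style process-creation lines and flags the commands that ransomware families commonly use to wipe Shadow Volume Copies and disable Windows recovery. The utilities and switches matched are real Windows commands; the rule names, the sample events and the benign backup-agent path are assumptions made for this example.

```python
import re
from typing import Dict, List

# Real Windows utilities and switches that file-lockers run to destroy
# recovery data. The rule names on the left are ours, not vendor names.
SHADOW_WIPE_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("wbadmin delete catalog",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("bcdedit disable recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("powershell Win32_ShadowCopy delete",
     re.compile(r"Win32_ShadowCopy.*\bDelete\b", re.I)),
]

# Backup agents legitimately resize shadow storage, so the resize rule is
# suppressed when the parent is a known agent. Placeholder path for the demo.
BENIGN_RESIZE_PARENTS = ("c:\\program files\\backupagent\\",)

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one flattened key=value process-creation event into a dict."""
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in FIELD_RE.findall(line)}


def detect_shadow_wipe(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per event whose CommandLine matches a wipe rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        parent = ev.get("ParentImage", "")
        for rule, pattern in SHADOW_WIPE_RULES:
            if not pattern.search(cmd):
                continue
            if rule == "vssadmin resize shadowstorage" and parent.lower().startswith(BENIGN_RESIZE_PARENTS):
                break  # expected maintenance by a backup agent
            hits.append({"rule": rule, "parent": parent, "cmd": cmd})
            break
    return hits


# Constructed sample events (Sysmon Event ID 1 style, one line each); not real telemetry.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin delete shadows /all /quiet" ParentImage="C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\wbem\\WMIC.exe" CommandLine="wmic shadowcopy delete" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin resize shadowstorage /for=C: /on=C: /maxsize=unbounded" ParentImage="C:\\Program Files\\BackupAgent\\agent.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin list shadows" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\bcdedit.exe" CommandLine="bcdedit /set {default} recoveryenabled No" ParentImage="C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.exe"',
]

if __name__ == "__main__":
    for hit in detect_shadow_wipe(SAMPLE_EVENTS):
        print(f"[{hit['rule']}] parent={hit['parent']} cmd={hit['cmd']}")
```

The parent process is the useful pivot: a shadow-copy wipe launched from a file in a user's Temp directory, as in the first and last sample lines, is far more suspicious than the same command from an administrator's console, and the list-only command is deliberately not matched.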

A free decryption utility also exists for the Xorist Ransomware's many members. Users should run it against copies of the encrypted files, never the only remaining originals, to test whether it handles their variant; if it does, it recovers the lost digital media at no cost. Formats that threats of the GlUTe Ransomware's category frequently attack include documents, spreadsheets, audio, video clips, archives, local Web pages and server databases.
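The kit's XOR mode, mentioned above, is also why a decryptor can exist at all: XOR is its own inverse, so one encrypted file set beside an intact original (a copy from e-mail or cloud storage, say) yields the keystream, and a repeating key falls out of that keystream. The Python block below is an added illustration of that known-plaintext principle, not Xorist's, GlUTe's or the public decryptor's actual code; the toy locker, its repeating key, the file set and the placeholder extension are all constructed for the example and do not reproduce the real kit's key handling.

```python
from itertools import cycle
from typing import Dict


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; encryption and decryption are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(plain: bytes, cipher: bytes, max_key_len: int = 64) -> bytes:
    """Recover a repeating XOR key from one plaintext/ciphertext pair.

    plaintext XOR ciphertext is the keystream; the shortest prefix whose
    repetition reproduces the whole keystream is the key. A sample shorter
    than the key only yields a key prefix, so feed the longest pair available.
    """
    if not plain or len(plain) != len(cipher):
        raise ValueError("need a non-empty plaintext/ciphertext pair of equal length")
    stream = xor_bytes(plain, cipher)
    for n in range(1, min(max_key_len, len(stream)) + 1):
        period = stream[:n]
        if (period * (len(stream) // n + 1))[:len(stream)] == stream:
            return period
    return stream[:max_key_len]  # no shorter period within the bound


# Constructed demo data; not a real key, extension or victim file.
DEMO_KEY = b"Xor1st-k3y?"   # hypothetical 11-byte key
DEMO_EXT = ".locked"        # placeholder, not GlUTe's real extension
DEMO_FILES: Dict[str, bytes] = {
    "budget.xlsx": b"PK\x03\x04" + b"quarterly figures " * 6,
    "notes.txt": b"meeting notes: rotate backups weekly, keep one copy offline\n",
    "site.html": b"<!DOCTYPE html><html><body>local page</body></html>",
}


def lock_files(files: Dict[str, bytes], key: bytes) -> Dict[str, bytes]:
    """Toy file-locker: XOR every file with the same key and rename it."""
    return {name + DEMO_EXT: xor_bytes(data, key) for name, data in files.items()}


def recover_all(locked: Dict[str, bytes], known_name: str, known_plain: bytes) -> Dict[str, bytes]:
    """Derive the key from one surviving original, then decrypt every locked file."""
    key = recover_key(known_plain, locked[known_name + DEMO_EXT])
    return {name[: -len(DEMO_EXT)]: xor_bytes(data, key) for name, data in locked.items()}


if __name__ == "__main__":
    locked = lock_files(DEMO_FILES, DEMO_KEY)
    key = recover_key(DEMO_FILES["notes.txt"], locked["notes.txt" + DEMO_EXT])
    print("recovered key:", key)
    print("all files restored:", recover_all(locked, "notes.txt", DEMO_FILES["notes.txt"]) == DEMO_FILES)
```

The same reasoning applies to any file-locker that reuses one short keystream across files, which is why a single intact original is so valuable after an infection and why the real decryptor should likewise be tried on copies rather than on the only encrypted instance.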

The GlUTe Ransomware is a very casual foray into the threat landscape, but even the laziest attack on a stranger's data is potentially devastating. With a payload that can hold irreplaceable content hostage, only an even more careless person would take another offspring of the Xorist Ransomware too lightly.
