
GNS Ransomware

Posted: July 13, 2020

The GNS Ransomware is a file-locking Trojan based on a Trojan-generating kit, the Crysis Ransomware. Its family, also referred to as Dharma Ransomware, is noteworthy for using secure encryption attacks that stop users' files from opening and for holding the recovery solution for ransom. Users can keep backups on other devices as alternate recovery options and depend on most anti-malware tools to remove the GNS Ransomware.

Criminals Outsmarting Someone's File Storage Plan

As the Dharma Ransomware family persists in its unlawful productivity, its various children offer different-but-interchangeable sources of endangerment for Windows users without the best backup plans. Interestingly, two recent releases, the GNS Ransomware and the Felix Ransomware, behave very differently from one another. In both samples, though, the tale is as old as time: encrypting file data and expecting ransoms from the files' owners.

The GNS Ransomware's name is an abbreviation of its e-mail address ('geniusid'), which users can find on any files that the Trojan locks, along with custom IDs and the Trojan's initials. As is typical of this family, the GNS Ransomware uses AES encryption for the file-locking attack, which secures the files from opening in any associated programs until the user decrypts them with a compatible service. This function targets media formats in extensive public use, such as different documents, pictures, archives, spreadsheets and music.
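The following added example, which is not from the original article, triages a file listing for the filename marker described above and recovers each file's original name. It assumes the Dharma family's usual appended-name layout, `<original>.id-<ID>.[<e-mail>].<extension>`, which the article does not spell out; the sample paths, ID and e-mail domain are constructed placeholders.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout (not stated in the article): <original>.id-<ID>.[<email>].<ext>
# 'geniusid' and the GNS initials come from the article; the e-mail domain is
# unknown, so any domain is accepted.
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\]@]*geniusid[^\]@]*@[^\]]+)\]\.gns$",
    re.IGNORECASE,
)

def parse_locked_name(path):
    """Return (original_name, victim_id, email) for a marked file, else None."""
    m = MARKER.match(PureWindowsPath(path).name)
    return (m["original"], m["victim_id"], m["email"]) if m else None

def triage(paths):
    """Group marked files by victim ID; unmarked paths are ignored."""
    hits = defaultdict(list)
    for p in paths:
        parsed = parse_locked_name(p)
        if parsed:
            hits[parsed[1]].append((p, parsed[0]))
    return dict(hits)

# Constructed sample listing; the ID and e-mail domain are placeholders.
SAMPLE = [
    "C:/Users/a/Documents/budget.xlsx.id-1A2B3C4D.[geniusid@example.invalid].GNS",
    "C:\\Users\\a\\Pictures\\cat.jpg.id-1A2B3C4D.[geniusid@example.invalid].gns",
    "C:/Users/a/Documents/notes.txt",
    "C:/Users/a/Documents/report.gns",  # extension alone is not a match
]

if __name__ == "__main__":
    for victim_id, files in triage(SAMPLE).items():
        print(f"victim ID {victim_id}: {len(files)} marked file(s)")
        for locked, original in files:
            print(f"  {locked} -> {original}")
```

Grouping by ID helps scope an incident: more than one ID on a file share suggests more than one infected host wrote to it.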

The GNS Ransomware also is a very traditional example of its family, which contrasts with the more creative Felix Ransomware. It doesn't display the latter's counter-modifying behavior but does change the Registry for typical exploits such as auto startup. The GNS Ransomware also deletes the Shadow Volume Copies, which stops users from getting to their Restore Points and recovering their work while ignoring the Trojan's ransom demands.

The Small Worth of Self-Proclaimed Geniuses of Trojan Campaigns

The GNS Ransomware's campaign has little that's not part of old examples of the same Ransomware-as-a-Service, such as the Hlpp Ransomware, the Lxhlp Ransomware, the YKUP Ransomware or the manufacturer-themed Asus Ransomware. Besides a different e-mail address (but with the usual, free provider) and a new extension, its attacks are all copy-paste elements. Windows users on Windows 10 and other, recent versions are at the most risk from this threat.

Paying the ransom that the GNS Ransomware demands in its advanced HTML pop-up does little to guarantee the arrival of a compatible and non-buggy unlocking service. Responsible file storage practices, such as updating backups regularly and keeping them on other devices, give the only fully-comprehensive and free solution to the GNS Ransomware infections. However, malware experts can encourage several ways of preventing them. These include being careful around e-mail attachments, turning off features such as macros, JavaScript, Java, and Flash, and avoiding vulnerabilities like weak passwords.

It doesn't take much of a genius to copy someone else's programming homework, but there also is something to be said for the GNS Ransomware's 'work smarter, not harder' philosophy. Ransomware-as-a-Service operations will work until their victims choose otherwise, by copying their files to safe places that Trojans like the GNS Ransomware can't grasp.
