
GusLocker Ransomware

Posted: October 25, 2018

The GusLocker Ransomware is a file-locking Trojan that uses an unknown encryption algorithm to block files on your computer, such as formats related to personal or workplace media. Although the GusLocker Ransomware generates customized ransoming information for its victims, users should remember that paying a ransom doesn't always purchase a legitimate decryption service. Have a Windows-compatible anti-malware program uninstall the GusLocker Ransomware before recovering your files from their last backups.

Your Files' New 'Friend' Named Gus

A file-locker Trojan that isn't an obvious variant of freeware or of the various Ransomware-as-a-Service (RaaS) pedigrees on the black market is getting uploaded to threat databases, possibly as part of a testing process for how well cyber-security products detect it. This file-locker Trojan, the GusLocker Ransomware, uses an operational procedure that's basic but effective at damaging locally-stored data, which it supplements with a semi-custom ransoming request. Its footprint is sufficiently small that only one out of every three AV brands identifies the GusLocker Ransomware as a threatening application.

The GusLocker Ransomware's executable is under a megabyte, and malware experts rate it as being compatible with most versions of the Windows OS. Its encryption routine uses an enciphering method that hasn't been identified yet, although malware experts find that most threats of this classification use AES, RSA, XOR, or a combination of the three algorithms. The encrypted and 'locked' files may range from text documents, spreadsheets and databases to visual or audio media.

The file-locker Trojan also drops a set of ransoming instructions for the victim. Malware experts don't connect the template to well-known families, like the Globe Ransomware, but its structure is similar to theirs: it provides a customized ID, an e-mail address and a request for Bitcoin-based payment. Although the e-mail address implies a fee of five Bitcoins, the extreme expense of such a ransom (over thirty thousand USD) makes this price unlikely.

Uninviting a Costly Computer Guest

As a threat that surfaced no earlier than late October of 2018, the GusLocker Ransomware is still avoiding many of the detection metrics that various anti-malware products use for identifying file-locker Trojans successfully. Always update all security software regularly to help maximize the accuracy of its databases. While the GusLocker Ransomware campaign doesn't seem to have launched into public distribution, malware researchers recommend keeping a close eye on the following infection vectors:

  • E-mail messages might distribute the GusLocker Ransomware directly as a corrupted attachment, or as a file downloaded through one. To trick their victims into opening them, these files usually pretend that they're related to general-purpose media, such as a news article or financial documentation.
  • Brute-force attacks can compromise servers on an individual basis by breaking through unsafe login combinations of guessable account names and passwords. Such attacks usually also involve the threat actor's taking advantage of the local RDP (Remote Desktop Protocol) settings.
  • 'Amateur' campaigns are more likely to use torrents or file-sharing websites for installing their threats, which they pretend are cracks or installers for AAA games, or movie files for the latest theatrical releases, for example.

Up-to-date security software should be capable of deleting the GusLocker Ransomware on sight, but backups of your hard drive may be required for recovering anything that this Trojan encrypts successfully. Malware experts have yet to analyze the possibility of developing a free decryption program for the GusLocker Ransomware.

The GusLocker Ransomware may not be an update of one of the great families of file-locking Trojans, but it makes money in just the same way they do. Since even bare-bones backup software can deprive it of its ransom, Windows users have every reason to bother with age-old data redundancy solutions.
