
Gvlbsjz Ransomware

Posted: September 23, 2020

The Gvlbsjz Ransomware is a file-locking Trojan that keeps digital media files from opening by encrypting them. As part of the Snatch Ransomware family, it also generates a text ransom note following that family's template, which offers data-unlocking services for an unknown price via e-mail. Users should withhold ransoms if possible, have their anti-malware solution remove the Gvlbsjz Ransomware, and use a backup for recovery.

Snatchers Still at the File-Grabbing Game

A new threat, the Gvlbsjz Ransomware, is nearly indistinguishable from the other Trojans that share its genealogy, but it is a telltale sign that family services like the Snatch Ransomware remain an essential part of the dark web's illicit economy. Symptomatically, the Gvlbsjz Ransomware is all but identical to the other file-locker Trojans from this collective, although malware experts find a few trivial differences in its ransom note's wording. The threat expresses its demands for money and backs them up with the same encryption-based attacks as its kindred.

The Gvlbsjz Ransomware has numerous comparison points with close relatives in its family, which different threat actors deploy in campaigns like those of the Hbdalna Ransomware, the Jdokao Ransomware, the Cndqmi Ransomware and the Mcauwpjib Ransomware. In all cases, these threats target Windows systems and use a secure encryption routine to block the victim's media files. The Gvlbsjz Ransomware's name derives from the extension it appends to each file afterward, which, as usual for the family, is a randomly-generated string of characters.
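As an added, defender-side example that is not part of this write-up: a small triage script that flags directories where many media files carry an extra, unknown extension, the renaming pattern described above. It assumes Windows-style paths and a constructed file listing; the ".gvlbsjz" extension in the sample is inferred from the Trojan's name rather than quoted from the page.

```python
import ntpath
from collections import Counter

# Media extensions the Trojan is described as targeting (illustrative set).
MEDIA_EXTS = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".mp4", ".txt"}

def split_appended_ext(path):
    """Return (original_ext, appended_ext) when `path` looks like a media
    file with an extra, unknown extension tacked on; otherwise None."""
    stem, appended = ntpath.splitext(ntpath.basename(path))
    if not appended or appended.lower() in MEDIA_EXTS:
        return None  # no extension, or an ordinary media file
    original = ntpath.splitext(stem)[1].lower()
    if original not in MEDIA_EXTS:
        return None  # not a renamed media file (e.g. a system file)
    return original, appended.lower()

def triage(paths, min_hits=3):
    """Count unknown appended extensions per directory and flag every
    directory where a single appended extension covers >= min_hits files.
    Returns {directory: (appended_ext, count)}."""
    per_dir = {}
    for p in paths:
        hit = split_appended_ext(p)
        if hit is None:
            continue
        per_dir.setdefault(ntpath.dirname(p), Counter())[hit[1]] += 1
    flagged = {}
    for d, counts in per_dir.items():
        ext, n = counts.most_common(1)[0]
        if n >= min_hits:
            flagged[d] = (ext, n)
    return flagged

# Constructed sample listing, not data from a real infection. The
# ".gvlbsjz" extension is inferred from the Trojan's name (assumption).
SAMPLE = [
    r"C:\Users\a\Pictures\holiday.jpg.gvlbsjz",
    r"C:\Users\a\Pictures\cat.png.gvlbsjz",
    r"C:\Users\a\Pictures\dog.png.gvlbsjz",
    r"C:\Users\a\Pictures\readme.txt",
    r"C:\Users\a\Documents\report.docx.gvlbsjz",
    r"C:\Users\a\Documents\notes.txt.bak",  # lone backup file, not flagged
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for d, (ext, n) in triage(SAMPLE).items():
        print(f"{d}: {n} media files carry appended extension {ext}")
```

A single renamed file (such as a stray .bak) stays below the threshold, so the check reports bursts of one unknown extension rather than every odd filename.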

Although malware researchers see minor wording differences between the Gvlbsjz Ransomware's ransom note, a text file, and those of other Trojans from the Snatch Ransomware family, there are no substantial changes to the extortion. The threat actor gives a two-day deadline and an e-mail address for negotiations, and refrains from providing an upfront price for restoring the files. Users may consider the free demonstration or trial, but should treat any files supplied by threat actors as potentially dangerous, scanning them and opening them only in a secured environment.

Setting a Guard against File-Kidnapping Trojans

Besides using a French domain for its e-mail address, the Gvlbsjz Ransomware's payload gives few details that would support speculation about its distribution model or victim demographic. In most attacks, malware researchers find that victims encountered some form of unsafe Web content: generally, e-mail attachments with corrupted macros, torrents, or Exploit Kits on compromised websites. Admins also should be alert to the dangers of weak passwords that attackers could brute-force, giving them an opening into entire servers' worth of files.

Users always should assume that a Trojan with file-locking features may delete any available backups, such as the Restore Points. As such, recovery options that don't risk a ransom depend on remotely-saved copies, such as a cloud service or a removable drive. There is no free decryption service compatible with members of the Snatch Ransomware family, but samples submitted to appropriate cyber-security researchers may further investigations into its encryption routine and the potential for cracking it.

As with most Snatch Ransomware releases, anti-malware products should provide a strong defense against infection, as well as removing the Gvlbsjz Ransomware in any post-attack situation. Sadly, removing the Trojan doesn't undo the encryption that blocks the files.

With not much besides a random name for its page in the Trojan history book, the Gvlbsjz Ransomware is mostly a footnote demonstrating how the Snatch Ransomware thrives: far from a giant family of Trojans, but still lively enough to harm the files of anyone who takes it lightly.
