Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GIBON Ransomware Help & Support Topic (READ_ME_NOW.txt * .encrypt)


  • Please log in to reply
2 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,271 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:08 PM

Posted 03 November 2017 - 04:05 PM

A new ransomware has been discovered called GIBON Ransomware. This ransomware will encrypt files and append the .encrypt extension to the file name. It will also drop ransom note named READ_ME_NOW.txt in each folder that a file is encrypted.

The ransom notes are currently using the emails: bomboms123@mail.ru & subsidiary:yourfood20@mail.ru

The good news is that this ransomware may be decryptable. If you are infected with this ransomware, please post a reply to this topic and we will see if we can help.
 

ransom-note.png



BC AdBot (Login to Remove)

 


m

#2 b33bjyRGiR8m

b33bjyRGiR8m

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 07 November 2017 - 07:55 AM

Hello. Thanks for your post. I don't seem to find anything regarding IOCs related to this malware.
Can you post the binary's hashes. or send it to any VM analysis web like hybrid-analysis? I want to filter the URLs or IPs it connects to.

Thanks by advance!



#3 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,271 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:08 PM

Posted 07 November 2017 - 04:11 PM

Info here:

https://www.bleepingcomputer.com/news/security/gibon-ransomware-being-distributued-by-malspam/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users