Analysis of the newly discovered Gamigin Ransomware threat shows that it is a variant belonging to the Makop Ransomware family. Although the threat may not possess any meaningful improvements over the typical Makop representative, its potential to wreak havoc on any compromised system shouldn't be underestimated in the slightest. Affected users will be prevented from accessing most of their personal or work-related files, such as documents, archives, databases, audio and video files, etc.
Each file that the Gamigin Ransomware encrypts will have its name changed drastically. The malware will append a unique ID specific to the current victim, an email address under the control of the hackers, and a new file extension to the original filenames. The email address is 'email@example.com', while the file extension is '.gamigin'. Upon completing its encryption process, the Gamigin Ransomware will drop a ransom-bearing text file in every folder containing locked data. The name of the files carrying the ransom note is 'readme-warning.txt'.
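To scope the impact on a mounted volume or forensic copy, the following Python script (an added example, not part of the original write-up) walks a directory tree and reports folders that contain files ending in '.gamigin' or a 'readme-warning.txt' note. The function names and the sample file names are constructed for illustration; the page does not give the exact layout of the ID and email address inside the new name, so only the final suffix is matched.

```python
import os
import sys
import tempfile

ENCRYPTED_SUFFIX = ".gamigin"       # extension named on this page
RANSOM_NOTE = "readme-warning.txt"  # ransom note file name named on this page


def scan_tree(root):
    """Return {folder: {"encrypted": [file names], "note": bool}} for affected folders."""
    report = {}
    for folder, _dirs, files in os.walk(root):  # os.walk does not follow symlinks by default
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if encrypted or note:
            report[os.path.relpath(folder, root)] = {"encrypted": encrypted, "note": note}
    return report


def summarize(report):
    """Count hits and list folders where only one of the two indicators is present."""
    return {
        "affected_folders": len(report),
        "encrypted_files": sum(len(v["encrypted"]) for v in report.values()),
        # Locked files without a note: encryption may have been interrupted, or the note removed.
        "encrypted_without_note": sorted(k for k, v in report.items() if v["encrypted"] and not v["note"]),
        "note_without_encrypted": sorted(k for k, v in report.items() if v["note"] and not v["encrypted"]),
    }


def build_sample_tree(root):
    """Constructed sample data: empty files whose names only imitate the indicators."""
    layout = {
        "docs": ["a.docx.ID-PLACEHOLDER.email@example.com.gamigin",
                 "b.xls.ID-PLACEHOLDER.email@example.com.GAMIGIN", RANSOM_NOTE],
        "partial": ["c.jpg.ID-PLACEHOLDER.email@example.com.gamigin"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a real path passed on the command line
        print(summarize(scan_tree(sys.argv[1])))
    else:                  # otherwise demonstrate on the constructed sample tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            print(summarize(scan_tree(tmp)))
```

Run it read-only against a copy or snapshot where possible, so that the encrypted files and notes are preserved as they were found.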
The Gamigin ransom note reveals that, to receive additional payment details, users will have to establish contact through the provided email addresses: 'firstname.lastname@example.org', 'email@example.com' and 'firstname.lastname@example.org'. The hackers allow 2 simple files that are less than 1 MB in size to be attached to the email message. The files will supposedly be decrypted for free and returned to the victims of the malware.
The full text of the ransom note is:
'::: Greetings :::
Q: Whats Happen?
A: Your files have been encrypted and now have the "gamigin" extension. The file structure was not damaged, we did everything possible so that this could not happen.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
Q: How to contact with you?
A: You can write us to our mailbox: email@example.com or firstname.lastname@example.org or email@example.com
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'