
Gatz Ransomware

After a thorough analysis, cybersecurity experts have discovered a new ransomware threat called Gatz. Gatz is classified as a critically harmful threat that targets users' systems by encrypting the files on them and rendering the affected data inaccessible.

Gatz modifies the original file names during the encryption process by appending the '.gatz' extension to them. For instance, a file named '1.jpg' will be renamed to '1.jpg.gatz,' and similarly, a file named '2.png' will be renamed to '2.png.gatz,' and so forth. Furthermore, Gatz creates a ransom note in the form of a '_readme.txt' file, providing payment instructions to obtain the decryption key needed to unlock the encrypted files.

It is worth noting that Gatz is a part of the STOP/Djvu Ransomware family. It may be distributed alongside other malware such as RedLine, Vidar, or other information stealers. Therefore, users should remain cautious and adopt appropriate security measures to avoid falling victim to further security or privacy risks.

The Gatz Ransomware can Cause Severe Damage to Breached Devices

The '_readme.txt' file dropped during a Gatz Ransomware attack contains a ransom note detailing the demands of the attackers. According to the note, the encrypted files can only be decrypted using a specific tool and a unique key held by the cybercriminals. Victims must make a ransom payment to obtain these decryption tools.

The note further provides two email addresses - 'support@freshmail.top' and 'datarestorehelp@airmail.cc,' which victims can use to contact the attackers and make the ransom payment. The sum of the demanded ransom is set at $980, which is the typical amount for a STOP/Djvu variant. However, the attackers offer a discount to victims who contact them within 72 hours of the encryption, allowing them to obtain the decryption tool for a reduced price of $490.

It is crucial to note that the decryption tool is not available for free, and it remains under the control of the attackers. However, meeting the demands of the threat actors is strongly discouraged. Not only are there no guarantees that victims will receive the necessary decryption tools or be able to restore all of their impacted data successfully, but any amount of money sent to cybercriminals will likely only further their criminal activities.

Protecting Your Devices and Data against Threats Like the Gatz Ransomware is Crucial

To protect their devices and data against ransomware infection, users must adopt a comprehensive approach to cybersecurity that involves a combination of prevention, detection, and response measures.

Preventive measures include:

  • Keeping the device and software always updated.
  • Using strong and unique passwords.
  • Being cautious of suspicious emails, links, and attachments.
  • Avoiding downloading software or files from untrusted sources.

It is also essential to have reliable antivirus and anti-malware software installed and configured correctly.

However, prevention is not always 100% effective, and thus, it is critical to have detection measures in place. This can be achieved by monitoring the device for any unusual activity, such as unexpected pop-ups or changes to file names or extensions. Additionally, regular data backups should be taken, and the backups should be stored in a secure, independent location.

Finally, users should also have a response plan prepared for a ransomware attack. This plan should include isolating the infected device from the network, identifying the specific malware threat, and taking immediate action to mitigate the damage and clean the breached system.
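
The file-name monitoring and threat-identification steps above can be checked with a short script that looks for the indicators this article gives for Gatz: the '.gatz' extension, the '_readme.txt' note, and the two contact addresses. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from this article's description of Gatz (STOP/Djvu family).
ENCRYPTED_EXT = ".gatz"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

def is_ransom_note(path):
    """True only if the file has the note's name AND contains a contact address."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()
    except OSError:
        return False  # unreadable file: cannot confirm, do not flag
    return any(marker in text for marker in NOTE_MARKERS)

def scan(root):
    """Walk root; collect renamed files (with original names) and ransom notes."""
    report = {"encrypted": [], "notes": [], "affected_dirs": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # name before the rename
                report["encrypted"].append((full, original))
                report["affected_dirs"].add(dirpath)
            elif is_ransom_note(full):
                report["notes"].append(full)
                report["affected_dirs"].add(dirpath)
    return report

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one benign readme."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("1.jpg.gatz", "docs/2.png.gatz", "docs/report.txt"):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, "_readme.txt"), "w") as fh:
        fh.write("ATTENTION!\nwrite on our e-mail:\nsupport@freshmail.top\n")
    with open(os.path.join(root, "docs", "_readme.txt"), "w") as fh:
        fh.write("Project notes for the docs folder.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "notes")
```

Matching on the note's content as well as its name keeps an ordinary '_readme.txt' from being flagged, and the list of affected directories shows how far the encryption reached before the device was isolated.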

Overall, protecting devices and data against ransomware infection requires a multi-layered approach that involves prevention, detection, and response measures. It is crucial to be vigilant and proactive in implementing these measures to minimize the risk of a ransomware attack and mitigate the impact if one does occur.

The text of the ransom note dropped by Gatz Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-pznhigpUwP
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:'
