Gdjlosvtnib Ransomware

There is a rapidly growing number of cybercriminals who try their luck in the creation and distribution of file-locking Trojans. The blockade of entry has been lowered significantly by tools like various ransomware building kits that allow even inexperienced conmen to create and propagate data-encrypting Trojans. However, there are still cybercriminals who opt to create their own file-lockers from scratch. This may be the case with the Gdjlosvtnib Ransomware.

Propagation and Encryption

The Gdjlosvtnib Ransomware may be spread via different infection vectors. The authors of the Gdjlosvtnib Ransomware may be using phishing emails to distribute this data-locker. This usually means that users will be targeted at random and receive emails that would either contain a corrupted link or a macro-laced attachment. Other popular propagation methods include torrent trackers, malvertising, bogus social media posts and pages, fake software updates and downloads, etc. The Gdjlosvtnib Ransomware is likely to go after a long list of filetypes including .pdf, .doc, .docx, .txt, .gif, .png, .svg, .jpg, .jpeg, .mid, .midi, .mp3, .wav, .mp4, .mov, .webm, .db, .rar, .zip, .xlsx, .xls, .ppt, .pptx, etc. This means that the majority of the files present on the infected host will be securely encrypted by the Gdjlosvtnib Ransomware. After locking a file, the Gdjlosvtnib Ransomware adds a new extension to its name -‘.gdjlosvtnib.’ This means that a file that you named ‘citrus-spray.gif,’ will be renamed ‘citrus-spray.gif.gdjlosvtnib.’

The Ransom Note

After completing the encryption process, the Gdjlosvtnib Ransomware will drop a ransom note on the user’s desktop. The name of the file containing the attackers’ message is ‘HOW TO RESTORE YOUR FILES.txt.’ In the ransom note, the attackers do not specify the ransom fee. However, they make it clear that they want to be contacted via email – ‘recoverybat@protonmail.com’ and ‘recoverybat@cock.li.’ Users are warned against renaming the encrypted files. The attackers claim to be willing to decrypt up to three files free of charge, as long as they do not contain any important data and do not exceed 1MB in size. The victims have only 48 hours to contact the attackers and pay the ransom fee before their data is lost permanently, according to the authors of the Gdjlosvtnib Ransomware.

It is not a good idea to contact or pay cybercriminals. They keep their promises rarely, so you should not waste your money. It is advisable to download and install a legitimate, up-to-date PC security application that will remove the Gdjlosvtnib Ransomware from your computer safely.