Geneve Ransomware

The Geneve Ransomware has, so far, not been categorized as belonging to any of the previously existing ransomware families. This in no way diminishes its ability to cause severe damage to any computer it manages to infiltrate, as it uses a combination of powerful cryptographic algorithms to encrypt nearly all of the stored files. The Geneve Ransomware creates a random extension for the specific victim and appends it to every encrypted file's original filename. Once the encryption process is complete, a file named 'DECRYPT.html' carrying the criminals' instructions is dropped in every folder with locked data.

In the lengthy note, the hackers specify that the Geneve Ransomware uses a combination of the AES-256 and RSA-2048 encryption algorithms. Apparently, the threat is also equipped with the functionality to delete the default backups of the files created by Windows' Volume Shadow Copy service. The hackers demand the sum of $800, paid in Bitcoin and sent to a cryptocurrency wallet that is under their control. First, however, the Geneve Ransomware victims must contact them by sending an email to either 'geneve010@protonmail.com' or 'geneve020@protonmail.com'. Affected users are allowed to send one file, which has to be an image less than 5 MB in size, to be decrypted for free.
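A triage sketch for the two on-disk indicators described above: a 'DECRYPT.html' note in each affected folder and a single per-victim extension appended to the original filenames. This is an added example, not code from the original page; the `triage` and `build_sample_tree` names, the `.x7k2q` extension and the folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "decrypt.html"  # 'DECRYPT.html' per the page, compared case-insensitively


def triage(root):
    """Return folders holding the note, the likely appended extension, and files carrying it."""
    note_dirs, folder_hits, file_hits = [], Counter(), Counter()
    for dirpath, _subdirs, files in os.walk(root):
        if NOTE_NAME not in (f.lower() for f in files):
            continue
        note_dirs.append(Path(dirpath))
        seen = set()
        for name in files:
            suffixes = Path(name).suffixes
            # An appended extension leaves the original in place: report.docx.<random>
            if len(suffixes) >= 2:
                file_hits[suffixes[-1].lower()] += 1
                seen.add(suffixes[-1].lower())
        folder_hits.update(seen)
    # Prefer the suffix seen in the most note folders, then in the most files,
    # so a stray 'backup.tar.gz' in one folder does not win over the real one.
    ext = max(folder_hits, key=lambda e: (folder_hits[e], file_hits[e]), default=None)
    locked = sorted(p for p in Path(root).rglob("*")
                    if ext and p.is_file() and p.suffix.lower() == ext)
    return {"note_dirs": sorted(note_dirs), "extension": ext, "locked": locked}


def build_sample_tree(root):
    """Constructed sample data: '.x7k2q' is a made-up extension, files are empty."""
    layout = {
        "docs": ["DECRYPT.html", "report.docx.x7k2q", "budget.xlsx.x7k2q", "backup.tar.gz"],
        "pics": ["DECRYPT.html", "photo.jpg.x7k2q", "NOTES.x7k2q"],
        "clean": ["readme.txt", "data.tar.gz"],
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in names:
            (Path(root) / folder / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = triage(tmp)
        print([d.name for d in r["note_dirs"]], r["extension"], len(r["locked"]))
```

The returned file list gives responders the scope of the encryption per share or host; the extension is inferred from the sample, so confirm it against a known-locked file before using it in wider searches.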

The full text of the note dropped by the Geneve Ransomware is:

'Your files are encrypted

How to decrypt your files?

You need to buy a decryptor. Decryptor - is a software which we create for each client separately, it contains unique private key to recover client's files.

This is a business for us and we work honestly. If we do not do our work and liabilities - no one will cooperate with us.

Current price: $800 ≈ 0.07458021 BTC

How to buy decryptor?

Send us an email to: geneve010@protonmail.com or geneve020@protonmail.com

In subject line of your message write your personal ID: -

Create a Bitcoin Wallet (we recommend blockchain.com)

Buy the necessary amount of Bitcoins. Current amount for buying is 0.07458021 BTC

Send amount to the address that you receive when write to us

Download decryptor from the email message

* We guarantee that you can decrypt all your files quickly and safely.

Why should I pay?

Why should I pay if there are free decryptors in the internet? So, we have an answer. There are some programs which storage private key on the client machine and it gives a chance for antivirus companies to find it and recover files. We don't work in this way. Private key storage on our servers and have never been on your machine.

Maybe in-build functionality of Windows "shadow copies" can help you? They could, but we deleted them all.

What about file restore programs? We have cared about it also. There is a cipher utility which populate each sector of your HDD with zero, then with one and then again with zero. It kills chances to restore files from HDD sectors.

What if hack encryption algorithm? We use (AES256 with RSA-2048) algorithm it makes not possible decryption without private key (even NSA can't hack it).

It means there is no chance to restore your files without our software. If you try, you can lose your files and we will not be able to help you.

What guarantees?

To verify the possibility of the recovery of your files we can decrypt one image file for free.

You can send it by email, the size of image should be less then 5mb.'
