
Geometrical Ransomware

Geometrical is a ransomware threat that has been increasingly targeting individuals and organizations. It encrypts data on infected machines and asks for a ransom payment in exchange for the decryption key. The ransomware is known for appending a '.geometrical' extension to the names of encrypted files. For instance, files originally named '1.jpg' and '2.pdf' would appear as '1.jpg.geometrical' and '2.pdf.geometrical' after encryption.

The Mechanism of Attack

Upon infection, the Geometrical Ransomware encrypts files on the compromised system, effectively rendering them inaccessible. The ransomware appends the '.geometrical' extension to each encrypted file, altering the file names and making it evident which files have been compromised.

The Ransom Note

After encryption, Geometrical creates a ransom note titled "read_it.txt." The note, translated roughly from Korean, informs victims that their files have been encrypted and that decryption requires a key held by the attackers. Victims are instructed to pay $300 for the decryption key, with the ransom doubling each day they delay contacting the cybercriminals. Additionally, the note warns that 100 files will be permanently deleted each day if the ransom is not paid.
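Both indicators named above, the appended '.geometrical' extension and the 'read_it.txt' ransom note, can be swept for during triage. The following is an added example, not code from the report or from the ransomware; the helper names and the sample directory tree are constructed.

```python
# Added example: triage scan for the two file-system indicators the
# write-up names. The sample tree below is constructed, not a real capture.
import os
import tempfile
from pathlib import Path

RANSOM_EXT = ".geometrical"   # suffix appended to encrypted files
NOTE_NAME = "read_it.txt"     # ransom note file name

def scan_tree(root):
    """Walk `root` and return a summary of ransomware indicators found."""
    root = Path(root)
    encrypted = []
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.endswith(RANSOM_EXT):
                # The original name is recoverable by stripping the suffix.
                encrypted.append((rel, name[: -len(RANSOM_EXT)]))
            elif name.lower() == NOTE_NAME:
                notes.append(rel)
    return {
        "encrypted_count": len(encrypted),
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "suspect": bool(encrypted or notes),
    }

def build_sample_tree():
    """Create a constructed directory mimicking an infected host."""
    base = Path(tempfile.mkdtemp(prefix="geometrical_demo_"))
    (base / "docs").mkdir()
    (base / "docs" / "1.jpg.geometrical").write_bytes(b"\x00" * 16)
    (base / "docs" / "2.pdf.geometrical").write_bytes(b"\x00" * 16)
    (base / "docs" / "notes.txt").write_text("untouched file")
    (base / NOTE_NAME).write_text("constructed stand-in for the ransom note")
    return base

if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    for rel, original in report["encrypted"]:
        print(f"{rel} -> original name {original!r}")
    print("ransom notes:", report["notes"])
    print("suspect host:", report["suspect"])
```

Run against a mounted image or a share rather than the live host where possible, so the scan itself does not trigger any watchdog behaviour the note threatens.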

Threats and Warnings

The ransom note explicitly warns victims against attempting to remove the ransomware, deleting the encrypted files, or using anti-malware programs. These actions, according to the attackers, may render the data undecryptable. Cybersecurity experts emphasize that decryption without the attackers' key is generally impossible, except in cases of flawed ransomware. However, paying the ransom does not guarantee data recovery, as criminals often fail to provide the necessary decryption tools even after payment.

Risks and Consequences

  • Data Loss: One of the primary risks associated with the Geometrical Ransomware is the potential permanent loss of data. The attackers' threat to delete 100 files daily adds pressure on victims to comply with their demands quickly.
  • Financial Impact: Victims face financial losses not only from the ransom payment but also from potential downtime, data loss, and the cost of recovery efforts. Even after paying the ransom, there is no certainty that the data will be restored, leading to further financial and operational disruptions.
  • Ethical and Legal Implications: Paying the ransom supports and perpetuates criminal activities. Moreover, engaging with cybercriminals can have legal and ethical ramifications, potentially implicating victims in further illegal activities.

Prevention and Protection Measures

  • Regular Backups: Preserve regular backups of important data. Make sure that these backups are stored offline or in a safe, isolated environment to prevent them from being targeted by ransomware.
  • Anti-Ransomware Software: Utilize robust anti-malware software to detect and prevent ransomware attacks. Keep all software updated to protect against the latest threats.
  • User Education and Awareness: Educate employees and other PC users about the risks of ransomware and the importance of cautious behavior online. Training should include recognizing phishing attempts and avoiding suspicious downloads or links.
  • Secure Networks and Systems: Implement strong safety protections, such as intrusion detection systems, firewalls and secure configurations. Regularly update and patch systems to protect against vulnerabilities.

The Geometrical Ransomware represents a significant threat to data security and integrity. While the encryption of files and subsequent ransom demands pose immediate risks, the broader implications of supporting cybercriminal activities and the potential for permanent data loss are profound. By implementing comprehensive security measures, educating users, and maintaining regular backups, individuals and organizations can protect their data and mitigate the impact of ransomware attacks. Ensuring a proactive approach to cybersecurity is essential in safeguarding against threats like the Geometrical Ransomware.

The text of the ransom note, translated here from the original Korean (the note's own English lines are kept as written), is:

'geometrical ransomeware. v1
Geometrical ransomware. v1
made by j.d.h.
opps! All of your files have been encrypted.
The only way to recover your files, which are locked with a military-grade algorithm, is to purchase the recovery key.
You must send $300.
Your decryption key is 1736-29467-28ke-dj72; enter it to verify, after which you can purchase the decryption key.
Do not delete the virus file or turn on an antivirus.
If the antivirus updates and the virus is deleted automatically, recovery is impossible even if you have paid. With each passing day the amount you must pay doubles, and 100 files are deleted every day.
Contact: geometrical@geometrical.ransome.kr
Why so serious?
Smile a little
make smile.'
