GEROSAN Ransomware
The GEROSAN Ransomware is one of the most recently spotted file-encrypting Trojans on the Internet. A growing number of cyber crooks are pumping out ransomware threats as they are seen as a high-prize low-risk type of endeavor, which is likely to generate them some good revenue.
Propagation and Encryption
Once the GEROSAN Ransomware was uncovered, malware researchers began studying it and concluded that this data-locking Trojan is a variant of the notorious STOP Ransomware. They are not sure which are the infection vectors employed in the spreading of the GEROSAN Ransomware. Some have speculated that the most common methods of propagating this threat may be at play in the case of the GEROSAN Ransomware too – fake software updates, bogus pirated copies of popular applications and mass spam email campaigns. When the GEROSAN Ransomware compromises a PC successfully, it will scan it to locate the files, which will be marked for encryption. This ransomware threat targets a very long list of filetypes to ensure maximum damage. Then, all the marked files will undergo the encryption process of the GEROSAN Ransomware. Once this is completed, the files affected will have their names changed. This file-locking Trojan appends a ''.gerosan'' extension to the names of all the newly locked files. For example, if a file was initially called ''The-End.txt'' once the encryption process is through its name will be altered to ''The-End.txt.gerosan.''
The Ransom Note
The GEROSAN Ransomware will then drop a ransom note named ''_readme.txt.'' The note states:
’ATTENTION!
Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-oEUEuysYiZ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
stoneland@firemail.cc
Reserve e-mail address to contact us:
gorentos@bitmessage.ch
Support Telegram account:
@datarestore
Your personal ID:’
The ransom fee demanded by the attackers is $980. However, they claim that all victims who get in touch with them within 72 hours will be given a 50% discount, which means they will ''only'' have to pay $490. The creators of the GEROSAN Ransomware offer to decrypt one file free of charge. This is done to convince the user that the attackers have a working decryption key. The authors of the GEROSAN Ransomware give out two email addresses as a means to contact them – ''gorentos@bitmessage.ch'' and ''stoneland@firemail.cc.'' For the victims who may prefer to converse over Telegram, they have provided their Telegram contact details too - @datarestore.
It is always preferable to keep your distance in regards to cybercriminals. They deliver on their promises rarely but will gladly take your hard-earned cash. A safer solution is to obtain a reputable cybersecurity tool and wipe off the GEROSAN Ransomware from your computer.
