GGR Ransomware
The GGR Ransomware is a new variant from the VoidCrypt malware family. Although this means that the threat will be mostly identical to the other ransomware from the VoidCrypt Ransomware family, victims should not underestimate the danger it poses. GGR can affect a wide range of file types and render them unusable via strong encryption.
Each locked file will have its original name changed significantly. The threat appends an email address, a victim's ID, and '.GGR' as a new extension. The email used by GGR Ransomware is 'Loberoper@gmail.com.' Upon locking all target files, the threat delivers a ransom note in the form of a text file named 'Read-it.txt.'
Ransom Note's Details
The first instruction for the victims of the threat is to locate a specific file named 'prvkey.txt.key' on the infected system. The default location of the file is 'C:\ProgramData\' and the information stored in it is crucial for the restoration of the encrypted data. Affected users are supposed to send the file to the two email addresses mentioned in the ransom note - 'Loberoper@gmail.com' and 'Loberoper@gmail.com.' They also are allowed to attach a single encrypted file that is less than 1MB in size to be unlocked for free. As for the ransom demanded by the hackers, the only detail found in the note is that the unspecified sum must be transferred using the Bitcoin cryptocurrency.
The full text of the note is:
'All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
Go to C:\ProgramData\ or in Your other Drives and send us prvkey.txt.key file
You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
Payment should be with Bitcoin
Changing Windows without saving prvkey.txt.key file will cause permanete Data lossOur Email:Loberoper@gmail.com
in Case of no Answer:Loberoper@gmail.com'
