Gibon Ransomware

By GoldSparrow in Ransomware

The Gibon Ransomware is classified as an original file encoder Trojan that first appeared in security reports on November 3rd, 2017. Cybersecurity analysts regard the Gibon Ransomware as a low-tier threat that features basic obfuscation layers and an unreliable encryption engine. The threat is reported to reach users via spam emails and run as 'fine.exe' on compromised devices. The Gibon Ransomware Trojan appears to be built on open-source code and enciphers images, presentations, text, audio, video, spreadsheets, eBooks, and databases that are smaller than 50MB. It is speculated that the Gibon Ransomware is the work of Russian-speaking attackers because of snippets of code found while investigating Gibon Ransomware cases. Also, the Web panel used to receive connections from infected users was available in Russian only.

The Gibon Ransomware Appends the '.Encrypt' Extension

Affected users may find that the Gibon Ransomware has appended the '.encrypt' extension to the names of all enciphered objects. For example, 'Homoptera wings.jpeg' is renamed to 'Homoptera wings.jpeg.encrypt' and no image viewer is able to load the encrypted file. The creators of the Gibon Ransomware designed it to delete the Shadow Volume Copies preserved by Windows for recovery needs. The same can be said for 98% of all other crypto-threats documented to date. Hence, it is in your best interest to implement a third-party backup solution if you intend to secure your data. The ransom message delivered by the threat can be found on the desktop as 'READ_ME_NOW.txt,' which reads:

'Attention! All the files are encrypted!
To restore the files, write to the mail:bomboms123@mail.ru
If you do not receive a response from this mail within 24 hours,
then write to the subsidiary:yourfood20@mail.ru'
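
The indicators named above (the '.encrypt' suffix, the 'READ_ME_NOW.txt' note with its two contact addresses, and 'fine.exe') can be checked on a suspect profile or mounted disk image. The following triage sketch is an added example, not part of the original write-up; the function names, the constructed sample tree and the "likely"/"possible" rule are assumptions of this example, and because '.encrypt' and 'fine.exe' are generic names, matches are leads to confirm rather than proof.

```python
import tempfile
from pathlib import Path

# Indicators quoted in the write-up above (names compared case-insensitively).
ENCRYPTED_SUFFIX = ".encrypt"
NOTE_NAME = "read_me_now.txt"
DROPPER_NAME = "fine.exe"
NOTE_MARKERS = ("bomboms123@mail.ru", "yourfood20@mail.ru")

def note_matches(path):
    """True if the file contains a contact address from the ransom note."""
    try:
        text = path.read_text(encoding="utf-8", errors="ignore").lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root and group matching files by indicator type."""
    findings = {"encrypted": [], "notes": [], "dropper": []}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        name = path.name.lower()
        if name.endswith(ENCRYPTED_SUFFIX):
            findings["encrypted"].append(path)
        elif name == NOTE_NAME and note_matches(path):
            findings["notes"].append(path)
        elif name == DROPPER_NAME:
            findings["dropper"].append(path)
    return findings

def verdict(findings):
    """'likely' needs a confirmed note plus renamed files; one alone is 'possible'."""
    if findings["notes"] and findings["encrypted"]:
        return "likely"
    return "possible" if any(findings.values()) else "clean"

def build_sample_tree(root):
    """Constructed sample data: harmless text files that mimic the indicators."""
    desktop = Path(root, "Desktop")
    desktop.mkdir()
    (desktop / "Homoptera wings.jpeg.encrypt").write_text("constructed placeholder")
    (desktop / "READ_ME_NOW.txt").write_text("write to the mail:bomboms123@mail.ru")
    (desktop / "notes.txt").write_text("unrelated file")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(verdict(result), {k: len(v) for k, v in result.items()})
```

Point `triage()` at a user profile or a read-only mount of the affected volume; a 'READ_ME_NOW.txt' that lacks both addresses is ignored on purpose so unrelated readme files do not raise the verdict.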

Paying the Ransom Money should not be a Priority Choice

Compromised users may be tempted to write an email to 'bomboms123@mail.ru' and 'yourfood20@mail.ru' and seek a fast way to decrypt their data. However, the cybercrooks might request a payment that is north of a thousand dollars, and PC users may not receive a decryptor in the end. Security analysts advise users to eliminate all traces of the Gibon Ransomware with the assistance of a trustworthy anti-malware solution and to restore their data safely from backup images. You might be interested in contacting the cybersecurity researcher Michael Gillespie on Twitter.com/demonslay335, who claims to offer a free decryptor. AV engines recognize the objects and Registry keys created by the Gibon Ransomware and flag them as:

  • Gen:Variant.Symmi.79360
  • Ransom_Crypren.R002C0PK417
  • TR/Crypren.iqwad
  • Trojan.Win32.Generic!BT
  • Trojan.Win32.Mlw.euswlf
  • Trojan/Win32.Crypren.R212092
  • Udsdangerousobject.Multi
  • W32/Crypren.ADYO!tr
  • Win32/Trojan.ab6
