
Gillette Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: April 2, 2019
Last Seen: April 10, 2019
OS(es) Affected: Windows

The Gillette Ransomware is an encryption ransomware Trojan that was first observed on March 28, 2019. The main intended victims of the Gillette Ransomware attack are individual computer users. The Gillette Ransomware carries out a typical encryption ransomware attack, taking victims' files hostage and then demanding a ransom payment. Threats like the Gillette Ransomware make the victim's files permanently inaccessible, so file backups are required to restore any data compromised by the Gillette Ransomware attack.

The Gillette Ransomware will Work Like a Razor to Shave Files From Your Reach

The Gillette Ransomware uses AES and RSA encryption to make victims' files inaccessible. Once the victim's files have been encrypted, the Gillette Ransomware delivers the decryption key to its Command and Control servers, making it impossible for the victim to recover the data compromised by the attack. Victims of the Gillette Ransomware attack are asked to contact the criminals via 'gillette-help@mail.com'. A Gillette Ransomware infection is easy to spot because it changes file names by adding the file extension '.GILLETTE' to each affected file's name. The Gillette Ransomware targets user-generated files, which may include a wide variety of file types such as media files, documents, databases and numerous other data containers. Threats like the Gillette Ransomware tend to target particular file types, which include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the chosen files have been encrypted, the Gillette Ransomware delivers its ransom note in a text file named 'Decrypt DATA.txt,' which contains the following message for the victim:

'All your important files are encrypted
There is only one way to get your files back: contact us, pay, and get decryptor software
We accept Bitcoin
You have Your personal identifier, write in letter when contact with us.
Also, you can decrypt 1 file for test, its guarantee what we can decrypt your files.
Attention!
Do not rename encrypted files.
Do not try to decrypt using third party software, it may cause permanent data loss.
For decrypt your data write to email
Contact information: gillette_help@mail.com or gillette-help@mail.com
and tells us your unique ID — ID-[random chars]'
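
The two on-disk indicators described above (the appended '.GILLETTE' extension and the 'Decrypt DATA.txt' note) are enough to scope an infection during incident triage. The following Python sketch is an added example, not code from this article or from any vendor tool; the `triage` and `build_sample` names, the ID regular expression and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".gillette"   # appended extension named on this page
NOTE_NAME = "decrypt data.txt"   # ransom note file name named on this page
# Assumption: the note's "ID-[random chars]" token contains no spaces or quotes.
ID_PATTERN = re.compile(r"\bID-[^\s'\"]+")

def triage(root):
    """Walk root; return (encrypted counts by original type, note paths, IDs)."""
    by_type, notes, ids = Counter(), [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                # The marker is appended, so the original extension precedes it.
                original = Path(name[: -len(ENCRYPTED_SUFFIX)])
                by_type[original.suffix.lower() or "(none)"] += 1
            elif lower == NOTE_NAME:
                notes.append(path)
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue  # unreadable note is still reported by path
                ids.update(ID_PATTERN.findall(text))
    return by_type, sorted(notes), sorted(ids)

def build_sample(root):
    """Constructed sample tree for the demo; not real victim data."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    for n in ("report.docx.GILLETTE", "budget.xlsx.GILLETTE",
              "photo.jpg.GILLETTE", "notes.txt"):
        (docs / n).write_bytes(b"\x00")
    (docs / "Decrypt DATA.txt").write_text(
        "unique ID: ID-EXAMPLE123\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        counts, notes, ids = triage(tmp)
        print("encrypted by original type:", dict(counts))
        print("ransom notes:", [str(p) for p in notes])
        print("victim IDs:", ids)
```

Pointing `triage` at a mounted backup or file share before restoring shows which directories and file types were hit and whether the backup itself already contains encrypted copies.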

Protecting Your Data from Threats Like the Gillette Ransomware

It is not recommended to contact the criminals responsible for the Gillette Ransomware attack, and computer users should refrain from paying any ransom associated with this threat. Instead of paying the Gillette Ransomware ransom, computer users must protect their data preemptively, for example by keeping file backups stored in a safe location. It is also fundamental to have a fully up-to-date security program, which can be used to intercept the Gillette Ransomware before the victim's files are compromised.
