Gingerbread Ransomware
The Gingerbread Ransomware, a ransomware Trojan uncovered in November of 2016, caught the attention of PC security analysts because of its unique and bizarre ransom note background and image. The Gingerbread Ransomware's attack is fairly typical, although it differs from many ransomware Trojans in that it combines RSA and XOR encryption to take over the victim's files. Unfortunately, it may not currently be possible to recover files that have been encrypted by the Gingerbread Ransomware. The Gingerbread Ransomware may be a variant of the ISHTAR Ransomware, which is part of a wave of ransomware attacks targeted toward computer users in Russian-speaking countries. The Gingerbread Ransomware is being distributed through corrupted spam email messages. The Gingerbread Ransomware has numerous variants associated with different email addresses. These email addresses are added to the end of the encrypted file names as file extensions, which identifies the files that have been affected by the Gingerbread Ransomware. Some of the email addresses related to the Gingerbread Ransomware include:
- .COMODO@EXECS.COM
- .HELP@AUSI.COM
- .Heinz@oaht.com
- .NUMBAZA@SEZNAM.CZ
- .SOS@AUSI.COM
- .ZANZIBAR@umpire.com
- .anna_stepanova@aol.com_
- .byaki_buki@aol.com
- .evromaidan2014@aol.com
- .kolobocheg@aol.com
- .moshiax@aol.com_
- .oduvansh@aol.com
How the Gingerbread Ransomware Attack Works
The Gingerbread Ransomware tends to target media files, databases, and Office documents, apart from a wide variety of other file types. The Gingerbread Ransomware seems to be designed to target computer users in Russian-speaking locations and is programmed using Delphi. The Gingerbread Ransomware will scan the victim's computer for certain file types, often targeting the following locations in its attack:
- %UserProfile%\Desktop
- %UserProfile%\Downloads
- %UserProfile%\Documents
- %UserProfile%\Pictures
- %UserProfile%\Music
- %UserProfile%\Videos
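The appended extensions and target folders listed above can be turned into a triage check for a user profile. The following Python sketch is an added example, not code from the original page; the function names are hypothetical, and treating the trailing underscore seen on some extensions as optional is an assumption of this example.

```python
import os
from pathlib import Path

# Appended extensions listed on this page (compared case-insensitively).
GINGERBREAD_EXTENSIONS = (
    ".COMODO@EXECS.COM", ".HELP@AUSI.COM", ".Heinz@oaht.com",
    ".NUMBAZA@SEZNAM.CZ", ".SOS@AUSI.COM", ".ZANZIBAR@umpire.com",
    ".anna_stepanova@aol.com_", ".byaki_buki@aol.com",
    ".evromaidan2014@aol.com", ".kolobocheg@aol.com",
    ".moshiax@aol.com_", ".oduvansh@aol.com",
)
# Profile folders the page names as common targets.
TARGET_FOLDERS = ("Desktop", "Downloads", "Documents", "Pictures", "Music", "Videos")

# Normalise once: lower-case, and drop the trailing "_" some variants carry so
# that both "x@aol.com" and "x@aol.com_" match (an assumption of this example).
_SUFFIXES = tuple(sorted({e.lower().rstrip("_") for e in GINGERBREAD_EXTENSIONS}))


def matched_extension(filename):
    """Return the listed extension a file name ends with, or None."""
    name = filename.lower().rstrip("_")
    for suffix in _SUFFIXES:
        # Require a base name before the suffix so a file literally named
        # ".kolobocheg@aol.com" is not reported as an encrypted document.
        if name.endswith(suffix) and len(name) > len(suffix):
            return suffix
    return None


def scan_profile(profile_dir):
    """Walk the target folders under a user profile; return sorted (path, ext) hits."""
    hits = []
    for folder in TARGET_FOLDERS:
        root = Path(profile_dir) / folder
        if not root.is_dir():
            continue  # folder redirected or absent on this host
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for fname in files:
                ext = matched_extension(fname)
                if ext:
                    hits.append((str(Path(dirpath) / fname), ext))
    return sorted(hits)


if __name__ == "__main__":
    for path, ext in scan_profile(os.environ.get("USERPROFILE", str(Path.home()))):
        print(f"{ext}\t{path}")
```

A hit only shows that a file name carries one of the listed extensions; the count and location of hits indicate how far encryption reached before the host was isolated.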
The Gingerbread Ransomware's unique background image and bizarre ransom note may be based on a Russian folktale about a pie that comes alive, can talk, and goes on various adventures.
The Ransom Note Displayed by the Gingerbread Ransomware
The Gingerbread Ransomware delivers the following message to demand the ransom from its victims:
'Файлы зашифрованы! Колобок ушел от бабушки и от дедушки, и обнаружил,
что у него нет денег даже квартиру не снять! Долго думал колобок, захотел
повеситься - но не смог. И всё, на что он может рассчитывать - на Вашу помощь!
Помоги колобку, а он вернет тебе файлы! Отпиши на эти данные, указав
идентификатор: Почта - kolobocheg@ао1.com
Идентификатор - k1
За дополнительной информацией – http://www.filesencoded.com'
Which, when translated into English, reads:
'The Gingerbread pie left grandmother and grandfather and found out
that he doesn't have money for an apartment! He tried to find a solution but couldn't.
So, he needs your help! Help the Gingerbread and he will help you return your files,
send the following information including the identification: Mail: kolobocheg@ао1.com Identification: k1
For additional information – http://www.filesencoded.com'
Dealing with the Gingerbread Ransomware Attack
PC security researchers advise computer users not to pay the Gingerbread Ransomware ransom. In many cases, con artists will simply ask for more money or ignore the victims after they have paid. Instead, you should take preventive measures to mitigate the effects of these attacks. Fortunately, computer users can become invulnerable to the Gingerbread Ransomware and other ransomware Trojans by simply ensuring that there are backups of all data (an essential step that should always be taken, regardless of the risk of ransomware). If PC users can quickly recover their files by simply restoring them from a backup, then the people responsible for attacks like the Gingerbread Ransomware will no longer have any leverage to demand the payment of a ransom. In fact, if keeping file backups becomes a widespread security practice, attacks like the Gingerbread Ransomware will quickly become obsolete. One hopeful sign is that PC security analysts have observed an increase in older forms of ransomware, such as screen lockers, which may gradually start to replace file encryption Trojans like the Gingerbread Ransomware as widespread attacks. This may be, in part, because more computer users are backing up their data regularly, thanks to the wide availability of cloud storage and affordable external drives.