Gingerbread Ransomware

By GoldSparrow in Ransomware

The Gingerbread Ransomware, a ransomware Trojan uncovered in November 2016, caught the attention of PC security analysts because of the unique and bizarre nature of its ransom note background and image. Its attack is otherwise fairly typical, although it differs from many ransomware Trojans in that it combines RSA and XOR encryption to take over the victim's files. Unfortunately, it may not currently be possible to recover files that have been encrypted by the Gingerbread Ransomware. The Gingerbread Ransomware may be a variant of the ISHTAR Ransomware, which is part of a wave of ransomware attacks targeting computer users in Russian-speaking countries.

The Gingerbread Ransomware is distributed through corrupted spam email messages and has numerous variants associated with different email addresses. These addresses are added to the end of the encrypted file names as file extensions, which identifies the files that have been affected by the Gingerbread Ransomware. Some of the email addresses related to the Gingerbread Ransomware include:

  • .COMODO@EXECS.COM
  • .HELP@AUSI.COM
  • .Heinz@oaht.com
  • .NUMBAZA@SEZNAM.CZ
  • .SOS@AUSI.COM
  • .ZANZIBAR@umpire.com
  • .anna_stepanova@aol.com_
  • .byaki_buki@aol.com
  • .evromaidan2014@aol.com
  • .kolobocheg@aol.com
  • .moshiax@aol.com_
  • .oduvansh@aol.com

How the Gingerbread Ransomware Attack Works

The Gingerbread Ransomware tends to target media files, databases, and Office documents, apart from a wide variety of other file types. The Gingerbread Ransomware seems to be designed to target computer users in Russian-speaking locations and is programmed using Delphi. The Gingerbread Ransomware will scan the victim's computer for certain file types, often targeting the following locations in its attack:

  • %UserProfile%\Desktop
  • %UserProfile%\Downloads
  • %UserProfile%\Documents
  • %UserProfile%\Pictures
  • %UserProfile%\Music
  • %UserProfile%\Videos
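
As an added example (not code from the original page or from any security product), the following Python script walks the folders listed above and reports files whose names end in one of the appended addresses listed earlier. The function names, the case-insensitive comparison and the treatment of the trailing underscore as optional are assumptions of this example.

```python
import os
from pathlib import Path

# Example code added for illustration; not part of the original page.
# Appended extensions listed on this page. Assumption: compare case-insensitively
# and treat the trailing underscore that some variants carry as optional.
MARKERS = (
    ".COMODO@EXECS.COM", ".HELP@AUSI.COM", ".Heinz@oaht.com",
    ".NUMBAZA@SEZNAM.CZ", ".SOS@AUSI.COM", ".ZANZIBAR@umpire.com",
    ".anna_stepanova@aol.com_", ".byaki_buki@aol.com",
    ".evromaidan2014@aol.com", ".kolobocheg@aol.com",
    ".moshiax@aol.com_", ".oduvansh@aol.com",
)
SUFFIXES = tuple(sorted({m.rstrip("_").lower() for m in MARKERS}))

# Profile folders the page names as commonly targeted.
TARGET_DIRS = ("Desktop", "Downloads", "Documents", "Pictures", "Music", "Videos")


def matched_marker(filename):
    """Return the listed marker a file name ends with, or None."""
    name = filename.lower().rstrip("_")
    for suffix in SUFFIXES:
        # Require an original name in front of the marker, so a file that is
        # only the address itself is not counted as a renamed victim file.
        if name.endswith(suffix) and len(name) > len(suffix):
            return suffix
    return None


def scan_profile(profile):
    """Walk the targeted folders under `profile`; return {marker: [paths]}."""
    hits = {}
    for folder in TARGET_DIRS:
        root = Path(profile) / folder
        for dirpath, _dirs, files in os.walk(root):  # missing folders yield nothing
            for fname in files:
                marker = matched_marker(fname)
                if marker:
                    hits.setdefault(marker, []).append(os.path.join(dirpath, fname))
    return hits


if __name__ == "__main__":
    profile = os.environ.get("USERPROFILE", str(Path.home()))
    for marker, paths in sorted(scan_profile(profile).items()):
        print(f"{marker}: {len(paths)} file(s), e.g. {paths[0]}")
```

A non-empty result tells a responder which variant's contact address is involved and which folders need restoring from backup.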

The Gingerbread Ransomware's unique background image and bizarre ransom note background may be based on a Russian folktale about a pie that comes alive, can talk and goes on various adventures.

The Ransom Note Displayed by the Gingerbread Ransomware

The Gingerbread Ransomware delivers the following message to demand the ransom from its victims:

'Файлы зашифрованы! Колобок ушел от бабушки и от дедушки, и обнаружил,
что у него нет денег даже квартиру не снять! Долго думал колобок, захотел
повеситься - но не смог. И всё, на что он может рассчитывать - на Вашу помощь!
Помоги колобку, а он вернет тебе файлы! Отпиши на эти данные, указав
идентификатор: Почта - kolobocheg@ао1.com
Идентификатор - k1
За дополнительной информацией – http://www.filesencoded.com'

Which, when translated into English, reads:

'The Gingerbread pie left grandmother and grandfather and found out
that he doesn't have money for an apartment! He tried to find a solution but couldn't.
So, he needs your help! Help the Gingerbread and he will help you return your files,
send the following information including the identification: Mail: kolobocheg@ао1.com Identification: k1
For additional information – http://www.filesencoded.com'

Dealing with the Gingerbread Ransomware Attack

PC security researchers do not advise computer users to pay the Gingerbread Ransomware ransom. In many cases, con artists will simply ask for more money or ignore the victims after they have paid. Instead, you should take preventive measures to mitigate the effects of these attacks. Fortunately, computer users can become invulnerable to the Gingerbread Ransomware and other ransomware Trojans by simply ensuring that there are backups of all data (an essential step that should always be taken, regardless of the risk of ransomware). If PC users can quickly recover their files by simply restoring them from a backup, then the people responsible for attacks like the Gingerbread Ransomware will no longer have any leverage to demand the payment of a ransom. In fact, if having file backups becomes a widespread security practice, attacks like the Gingerbread Ransomware will quickly become obsolete.

One hopeful sign is that PC security analysts have observed an increase in older forms of ransomware, such as screen lockers, which may gradually start to replace file encryption Trojans like the Gingerbread Ransomware in widespread attacks. This may be in part because more computer users are backing up their data regularly, every day, thanks to the wide availability of cloud storage and affordable external drives.
