
Giyotin Ransomware

By GoldSparrow in Ransomware

The Giyotin Ransomware is an encryption ransomware Trojan that seems to target computer users in Turkey. The Giyotin Ransomware's name translates into 'guillotine' in English. The Giyotin Ransomware carries out a typical ransomware attack, although it seems that some features of the Giyotin Ransomware Trojan have yet to be implemented. The Giyotin Ransomware, as with most ransomware Trojans of this type, is commonly delivered to victims through corrupted PDF or DOCX files attached to spam email messages.

How the Giyotin Ransomware Attacks a Computer

The Giyotin Ransomware runs on the victim's computer as 'MyRansom.exe,' making various changes to the victim's computer. The Giyotin Ransomware does not encrypt data on test machines, but it is likely that the Giyotin Ransomware follows the pattern of the LIGMA Ransomware, a ransomware Trojan uncovered in early September 2018 that carried out an effective ransomware attack. Threats like this target user-generated files such as the ones below:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The files are made inaccessible so that a ransom payment can be demanded. The Giyotin Ransomware is particularly threatening because it seems to intend to compromise the infected computer's Master Boot Record, all in exchange for a ransom of about 60 USD to be paid using a cryptocurrency. Malware researchers advise against contacting the criminals responsible for the Giyotin Ransomware attack.

The Giyotin Ransomware's Ransom Demand

The Giyotin Ransomware will demand a ransom payment after encrypting the victim's files and carrying out its attack. To do this, the Giyotin Ransomware delivers ransom notes in the form of text files and changes the infected computer's desktop image. The Giyotin Ransomware's ransom note, written in Turkish, reads:

'OOPS, GİYOTİN FİDYE YAZILIMININ KURBANI OLDUNUZ
Bilgisayarınız ve Tüm Önemli Dosyalarınız Şifrelendi. Dosyalarınızı Geri Alıp Bilgisayarınıza Tamamen Erişim Sağlayabilmek İçin Aşağıdaki Adımları Takip Edin
1-İnternet Üzerinden Herhangi Bir Website veya Server Yardımıyla Bİr Bitcoin Hesabı ve Cüzdanı Oluşturun
2-Bİtcoin Hesabınız Üzerinden Aşağıda Belirtilen Adreslerden Herhangi Birine 60$(Dolar) Değerinde Bitcoin Gönderin
3BsZcdJBLvLks7r5T2CfCEfSUJ3cQxA82
3JuU6UkwcYVGjHqxZnwpC8H3oE87DSSEDN
3-Ödeme İşleminden Sonra anony46NcRyptr708onion@protonmail.ch adresine "HACKED" Metni İçeren Bir Mesaj Bırakın
ANCAK FAZLA ZAMANINIZ YOK 12 SAAT İÇERİSİNDE BU İŞLEMLERİ YAPMADIĞINIZ TAKDİRDE BİLGİSAYARINIZ KALICI OLARAK ÇÖKECEKTİR !!!!'

The above text translates into English as:

'OOPS, YOU ARE VICTIMS OF GUILLOTINE RANSOMWARE SOFTWARE
Your Computer and All Your Important Files Are Encrypted. Follow the steps below to get your files back and recover complete access to your computer
1-Create a Bitcoin Account and Wallet over the Internet with the Help of any Website or Server
2-Send $60 (Dollar) worth of Bitcoin to any of the addresses listed below
3BsZcdJBLvLks7r5T2CfCEfSUJ3cQxA82
3JuU6UkwcYVGjHqxZnwpC8H3oE87DSSEDN
3-After Payment, Leave a Message containing "HACKED" Text to anony46NcRyptr708onion@protonmail.ch
BUT YOU DO NOT HAVE MUCH TIME. IF YOU DO NOT COMPLETE THESE STEPS WITHIN 12 HOURS, YOUR COMPUTER WILL CRASH PERMANENTLY !!!!'
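
The sketch below is an added example, not part of the original article or of any vendor tool. It checks a candidate text file against the indicators in the note quoted above, handling Turkish dotted and dotless i when matching the header phrase and keeping Bitcoin addresses case-sensitive. The helper names `fold` and `scan_note` are hypothetical and both sample notes are constructed.

```python
import re
import unicodedata

# Indicators copied from the ransom note quoted on this page.
KNOWN_BTC = {"3BsZcdJBLvLks7r5T2CfCEfSUJ3cQxA82",
             "3JuU6UkwcYVGjHqxZnwpC8H3oE87DSSEDN"}
CONTACT = "anony46NcRyptr708onion@protonmail.ch"
PHRASE = "GİYOTİN FİDYE YAZILIMININ KURBANI OLDUNUZ"

# Syntax check only (Base58 has no 0, O, I or l); the checksum is not verified.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
_TR_I = str.maketrans({"İ": "i", "ı": "i"})


def fold(text):
    """Fold case so Turkish dotted/dotless i variants and accents compare equal."""
    text = unicodedata.normalize("NFKD", text.translate(_TR_I).casefold())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return " ".join(text.split())  # collapse line wraps and runs of spaces


def scan_note(text):
    """Return which of the page's indicators appear in one candidate text."""
    found = set(BTC_RE.findall(text))  # case-sensitive on purpose
    folded = fold(text)
    return {
        "phrase": fold(PHRASE) in folded,
        "email": fold(CONTACT) in folded,
        "btc_known": found & KNOWN_BTC,
        "btc_other": found - KNOWN_BTC,
    }


# Constructed samples: an excerpt of the note as quoted above, and a copy
# lowercased with Turkish rules, as a re-typed or translated note might be.
NOTE = ("OOPS, GİYOTİN FİDYE YAZILIMININ KURBANI OLDUNUZ\n"
        "3BsZcdJBLvLks7r5T2CfCEfSUJ3cQxA82\n"
        "3JuU6UkwcYVGjHqxZnwpC8H3oE87DSSEDN\n"
        "anony46NcRyptr708onion@protonmail.ch\n")
NOTE_LOWER = ("oops, giyotin fidye yazılımının kurbanı oldunuz\n"
              "3bszcdjblvlks7r5t2cfcefsuj3cqxa82\n"
              "3juu6ukwcyvgjhqxznwpc8h3oe87dssedn\n"
              "anony46ncryptr708onion@protonmail.ch\n")

if __name__ == "__main__":
    for name, sample in (("original", NOTE), ("lowercased", NOTE_LOWER)):
        print(name, scan_note(sample))
```

A plain `PHRASE.lower() in text.lower()` comparison misses the lowercased sample, and a lowercased address no longer equals the original indicator, so address matching should always run on the raw text.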
