
GNS Ransomware

By GoldSparrow in Ransomware

Ransomware threats are very popular in the world of cybercrime. This is because even inexperienced cyber crooks can build and distribute a file-locker with the help of a ransomware building kit. One of the most popular Ransomware families is the Dharma Ransomware family. Security analysts have identified a new data-locker, which belongs to the Dharma Ransomware family – the GNS Ransomware.

Propagation and Encryption

Data-encrypting Trojans are usually programmed to target a very wide variety of file types, and the GNS Ransomware is no exception. This file-locker is likely to go after .png, .jpeg, .jpg, .svg, .gif, .mp3, .aac, .mid, .midi, .wav, .mp4, .mov, .webm, .ppt, .pptx, .xls, .xlsx, .txt, .doc, .docx, .pdf, .rar, .db, .zip, and many other file types. More files locked means a higher chance of being paid. Once the GNS Ransomware breaches a targeted system, it will scan the data present and trigger the encryption process. The encrypted files are renamed: the GNS Ransomware appends a '.id-.[geniusid@protonmail.ch].GNS' extension to the names of the affected files. This means that a file called 'almond-eyes.svg' will be renamed to 'almond-eyes.svg.id-.[geniusid@protonmail.ch].GNS'.

The GNS Ransomware may be spread with the help of fake social media profiles, bogus application downloads, torrent trackers, malicious advertisements, etc. Among the most popular infection vectors are spam emails. Usually, the emails in question contain either malicious links or macro-laced files.

The Ransom Note

When the encryption process has been completed successfully, the GNS Ransomware will place a file on the user's system, which contains the message of the attackers. The file's name is 'FILES ENCRYPTED.txt', which is typical for copies of the Dharma Ransomware. The ransom message is very short. There is no information regarding the ransom fee, but it is clear that the attackers want the user to contact them using email – 'genuisid@protonmail.com' and 'geniusyourid@cock.li'.

The GNS Ransomware note reads as follows:

YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email geniusid@protonmail.ch YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:geniusyourid@cock.li
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

It is best to ignore the demands of cyber crooks. You may be left empty-handed even if you pay the ransom fee. Make sure you remove the GNS Ransomware from your PC with the assistance of a genuine, up-to-date antivirus solution.
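
The rename pattern and the ransom note name described above can be turned into a triage check over a file listing, which helps scope which folders were affected and recover the original file names. The following Python is an added example, not part of the original article: the sample paths and the ID value 1A2B3C4D are constructed, and accepting any token in the ID slot (which the article prints empty) is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Rename pattern from the article: <original>.id-<ID>.[<contact e-mail>].GNS
# The article prints the ID slot empty; accepting any token there is an assumption.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]*)"
    r"\.\[(?P<contact>[^\[\]@\s]+@[^\[\]\s]+)\]\.GNS$", re.IGNORECASE)
NOTE_NAME = "files encrypted.txt"  # ransom note name from the article, lowercased


def classify(path):
    """Return ('note', None), ('renamed', fields) or None for one Windows path."""
    name = PureWindowsPath(path).name
    if name.lower() == NOTE_NAME:
        return "note", None
    m = RENAMED.match(name)
    return ("renamed", m.groupdict()) if m else None


def triage(paths):
    """Group hits by directory so responders can scope which folders were hit."""
    report = {"renamed": [], "notes": [], "contacts": Counter(), "dirs": Counter()}
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        kind, fields = hit
        report["dirs"][str(PureWindowsPath(p).parent)] += 1
        if kind == "note":
            report["notes"].append(p)
        else:
            # Keep the pre-encryption name so it can be matched against backups.
            report["renamed"].append((p, fields["original"]))
            report["contacts"][fields["contact"].lower()] += 1
    return report


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Pictures\almond-eyes.svg.id-.[geniusid@protonmail.ch].GNS",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[geniusid@protonmail.ch].GNS",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\report.GNS.docx",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The per-directory counts show where encryption ran, and the recovered original names can be compared against backup inventories before restoring.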
