Gr3g Ransomware

By GoldSparrow in Ransomware

The Gr3g Ransomware is an encryption ransomware Trojan that was first observed carrying out attacks on October 30, 2017. The Gr3g Ransomware is delivered to victims through spam email messages with malicious attachments. The attached file contains malicious scripts that download and install the Gr3g Ransomware on the victim's computer system. The Gr3g Ransomware is a typical encryption ransomware Trojan: it encrypts the victim's files using a strong encryption algorithm and then demands the payment of a ransom, which, supposedly, will release the decryption key that the victim needs to restore the affected files.

The Primary Targets of the Gr3g Ransomware Are PCs in North America and Western Europe

The Gr3g Ransomware is currently being used in attacks against victims in Western Europe and North America. The Gr3g Ransomware uses AES-256 encryption to make the victim's files inaccessible. The Gr3g Ransomware is based on an open source ransomware platform that can encrypt the victim's files effectively and prevent its victims from accessing the affected content. The Gr3g Ransomware targets user-generated files while avoiding Windows system files. The targeted file types include video, audio, text and numerous others. Examples of the types of files that may be targeted by the Gr3g Ransomware infections and attacks from similar threats are:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Gr3g Ransomware will add the file extension '.libbywovas@dr.com.gr3g' to the end of each affected file's name to mark the encrypted files. The Gr3g Ransomware delivers a ransom note to the victim's computer, demanding the payment of a ransom. The message delivered to the victim's computer reads:

'Your files are encrypted.
In case of renaming a file, the file will become unsuitable for decryption. Even we will not have a chance to restore them.
To return your files you have 96 hours. Write to us.
Contacts.
Our email: libbywovas@dr.com
ATTENTION. To email (libbywovas@dr.com) write messages only from these e-mail services.
From other email services, messages may not be received by us.
Yahoo. https://mail.yahoo.com
Gmail. https://www.google.com
Mail. https://www.mail.com
ATTENTION. We will reply you within 24 hours. If there is no response from us, please send your message again.
Tor email: libbywovas@torbox3uiot6wchz.onion
To register tor e-mail, use the service http://torbox3uiot6wchz.onion (Open only to the tor browser)
Send 3 files, each <2 MB (only pictures, text documents or shortcuts). We will decipher them for free, to confirm that we can help you. Wait for further instructions. YOUR KEY. [260 RANDOM CHARACTERS]'

How to Decrypt the Files Compromised by the Gr3g Ransomware

The Gr3g Ransomware ransom note is delivered in a text file named 'Readme.txt' that will be displayed on the infected computer's desktop. The Gr3g Ransomware was released very close to the date of the release of the Colecyrus@mail.com Ransomware, and both use a ransom message that is nearly identical. Because of this, it is possible that these two threats are part of a new Ransomware as a Service (RaaS) campaign, in which the cybercrooks pay for the services of the ransomware provider, which allow them to carry out these attacks without having to create or maintain the encryption ransomware threat. The best protection against the Gr3g Ransomware, as with most encryption ransomware Trojans, is to have file backups on an external memory device. The files encrypted by the Gr3g Ransomware attack cannot be recovered without the decryption key and will need to be recovered from a backup copy.
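The following read-only triage script scopes an affected directory tree using the two indicators named above, the appended '.libbywovas@dr.com.gr3g' extension and the 'Readme.txt' note. It is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".libbywovas@dr.com.gr3g"   # extension appended to encrypted files (from the article)
NOTE_NAME = "readme.txt"             # ransom note file name (from the article)
NOTE_STRINGS = ("libbywovas@dr.com", "your files are encrypted")  # phrases from the note


def triage(root):
    """Walk root read-only; return marked files, matching notes and per-type counts."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(MARKER):
                encrypted.append(path)
                original = name[: -len(MARKER)]      # file name before the marker was appended
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif lower == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(8192).lower()
                except OSError:
                    continue                         # unreadable file: skip, keep scanning
                # An unrelated Readme.txt is ignored unless it carries the note's wording.
                if any(s in text for s in NOTE_STRINGS):
                    notes.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "by_type": dict(by_type)}


def build_sample_tree(root):
    """Constructed sample data: placeholder files only, no real samples."""
    os.makedirs(os.path.join(root, "Documents"))
    os.makedirs(os.path.join(root, "Desktop"))
    for rel in ("report.docx" + MARKER, "photo.JPG" + MARKER, "untouched.txt", "Readme.txt"):
        open(os.path.join(root, "Documents", rel), "w").close()
    with open(os.path.join(root, "Desktop", "Readme.txt"), "w") as fh:
        fh.write("Your files are encrypted.\nOur email: libbywovas@dr.com\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "marked files;", len(result["notes"]), "ransom notes")
        print(result["by_type"])
```

Run against a mounted copy of the affected volume, the per-type counts show which kinds of files need to be restored from backup.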
