
Grethen Ransomware

By GoldSparrow in Ransomware

Malware experts have spotted a brand-new data-encrypting Trojan claiming victims online. The name of this new pest is the Grethen Ransomware, and upon further inspection, it was revealed to be a variant of the notorious Scarab Ransomware.

Propagation and Encryption

It is not clear which infection vectors are responsible for the propagation of this file-locking Trojan. Some researchers believe that spam emails containing macro-laced attachments, fake pirated copies of legitimate tools, and fraudulent software updates may be among the propagation methods used to spread the Grethen Ransomware.

When the Grethen Ransomware manages to infect a system, it begins its malicious activities by performing a scan to locate all the targeted files. The next step is the encryption process. The Grethen Ransomware uses an encryption algorithm to lock the targeted data. All the newly locked files have their names changed, as the Grethen Ransomware appends a ‘.[grethen@tuta.io]’ extension to them. This means that a file originally called ‘lost-muse.txt’ will be renamed to ‘lost-muse.txt.[grethen@tuta.io]’ once the encryption process is through.

The Ransom Note

Once this step is completed, the Grethen Ransomware will drop two ransom notes: ‘READ ME.txt’ and ‘READ ME.hta’. In the note, the attackers offer to unlock up to three files for the victim free of charge, as long as they are no larger than 3MB. This is usually done to prove to the user that the attackers are able to unlock the encrypted data successfully. The authors of the Grethen Ransomware do not mention a specific ransom fee but make it clear that the sum demanded has to be paid in Bitcoin. There are two email addresses provided for the victim: ‘grethen@tuta.io’ and ‘grethen@protonmail.ch’.
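A triage example built from the indicators described above, added here and not taken from the original article or from any vendor tool: it walks a directory tree, lists files carrying the appended ‘.[grethen@tuta.io]’ extension together with their original names, and flags the two ransom note file names. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text.
LOCKED_SUFFIX = ".[grethen@tuta.io]"
NOTE_NAMES = {"read me.txt", "read me.hta"}


def triage(root):
    """Walk `root` and report files matching the article's indicators.

    Returns a dict with:
      locked - list of (path, original_name) for renamed files
      notes  - list of paths to ransom notes
      dirs   - {directory: count of locked files}, to size the damage
    """
    report = {"locked": [], "notes": [], "dirs": {}}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # match case-insensitively
            path = os.path.join(dirpath, name)
            if lowered.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # Strip the appended extension to recover the original name.
                original = name[: -len(LOCKED_SUFFIX)]
                report["locked"].append((path, original))
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
            elif lowered in NOTE_NAMES:
                report["notes"].append(path)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files named like the article's example."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("lost-muse.txt.[grethen@tuta.io]", "READ ME.txt",
                 "READ ME.hta", "untouched.txt"):
        open(os.path.join(docs, name), "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["locked"]), "locked file(s),", len(result["notes"]), "note(s)")
        for path, original in result["locked"]:
            print("  ", path, "->", original)
```

‘READ ME.txt’ is a generic file name, so treat a note hit as significant only when it appears alongside files carrying the appended extension.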

We would advise you to stay away from cyber criminals at all costs. Nothing good comes out of paying them or attempting to negotiate. Instead, you should look into obtaining a
