G-STARS Ransomware
G-STARS is a threatening program that falls under the category of ransomware: malware built to encrypt a victim's data and demand payment for its decryption. On an infected system, G-STARS locks a wide range of file types and renames them, appending to each original filename a unique victim ID, the attackers' contact e-mail address and a distinct '.G-STARS' extension. The e-mail address used in the modified file names is 'support.antimalware@onionmail.com'. To instill fear and put pressure on victims, the attackers drop ransom notes in two formats: a text file named 'info.txt' and a pop-up window generated from an 'info.hta' file.
The G-STARS Ransomware has been identified as a variant of the Phobos Ransomware family, meaning it shares code and behaviour with that well-known strain, including the file-renaming scheme and the paired text and HTA ransom notes.
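The rename scheme above is also the quickest way to confirm a G-STARS infection during triage, because every encrypted file carries the victim ID and the attackers' address in its name. The following Python script is an added example, not code from the page or from any vendor: it parses Phobos-style file names, counts ransom notes, and flags any contact address that differs from the ones documented here. The page states only that the ID, the e-mail and '.G-STARS' are appended; the bracketed `name.id[ID].[email].G-STARS` layout and the 8-hex-4-digit ID shape are the usual Phobos convention (the note's own ID '9ECFA84E-3442' has that shape) and are an assumption, as is the constructed file listing used as input.

```python
"""Triage a file listing for G-STARS (Phobos-family) artefacts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# ASSUMPTION: renamed-file layout follows the Phobos convention
#   <original name>.id[<8 hex>-<4 digits>].[<email>].G-STARS
# The page itself only says ID, e-mail and '.G-STARS' are appended.
PHOBOS_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"
    r"\.\[(?P<email>[^\]\s]+)\]\.G-STARS$",
    re.IGNORECASE,
)

# Note file names and contact addresses as given on the page.
RANSOM_NOTE_NAMES = {"info.txt", "info.hta"}
KNOWN_EMAILS = {
    "support.antimalware@onionmail.com",
    "support.antimalware@msgden.com",
}


@dataclass
class EncryptedFile:
    path: str
    original_name: str
    victim_id: str
    email: str


@dataclass
class TriageReport:
    encrypted: List[EncryptedFile] = field(default_factory=list)
    ransom_notes: List[str] = field(default_factory=list)
    victim_ids: Set[str] = field(default_factory=set)
    unknown_emails: Set[str] = field(default_factory=set)


def basename(path: str) -> str:
    """Last path component; accepts Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_encrypted_name(path: str) -> Optional[EncryptedFile]:
    """Return the parsed parts of a G-STARS file name, or None if it is not one."""
    m = PHOBOS_NAME_RE.match(basename(path))
    if m is None:
        return None
    return EncryptedFile(path, m["original"], m["victim_id"].upper(), m["email"].lower())


def triage_listing(paths: List[str]) -> TriageReport:
    """Classify every path as a ransom note, an encrypted file or unrelated."""
    report = TriageReport()
    for path in paths:
        if basename(path).lower() in RANSOM_NOTE_NAMES:
            report.ransom_notes.append(path)
            continue
        enc = parse_encrypted_name(path)
        if enc is None:
            continue
        report.encrypted.append(enc)
        report.victim_ids.add(enc.victim_id)
        if enc.email not in KNOWN_EMAILS:
            # Same extension but a different contact address points to a
            # second campaign or affiliate and is worth escalating.
            report.unknown_emails.add(enc.email)
    return report


# Constructed sample listing (not real victim data); the victim ID is the one
# printed in the ransom note quoted on this page.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget-2023.xlsx.id[9ECFA84E-3442].[support.antimalware@onionmail.com].G-STARS",
    r"C:\Users\alice\Documents\Q3-report.docx.id[9ECFA84E-3442].[support.antimalware@onionmail.com].G-STARS",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\notes.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.id[9ECFA84E-3442].[other.contact@example.com].G-STARS",
    r"C:\Windows\System32\ntoskrnl.exe",
]

if __name__ == "__main__":
    rep = triage_listing(SAMPLE_LISTING)
    print(f"{len(rep.encrypted)} encrypted files, {len(rep.ransom_notes)} ransom notes")
    print("victim IDs:", sorted(rep.victim_ids))
    for f in rep.encrypted:
        print(f"  {f.original_name}  <- {f.path}")
    if rep.unknown_emails:
        print("contact addresses not matching the documented ones:", sorted(rep.unknown_emails))
```

Feed it the output of a recursive directory listing (for example `dir /s /b` on Windows) taken from a forensic image rather than the live host. The original names recovered from the pattern are what you need when matching encrypted files against backup catalogues, and a victim ID that differs between hosts usually means separate infections rather than one spreading event.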
Victims of G-STARS Ransomware Are Extorted for Money
Both of G-STARS Ransomware's ransom notes deliver essentially the same message. Victims are told that their files have been encrypted and cannot be accessed without the decryption key held by the attackers, and are urged to make contact through the listed channels.
The notes also claim that sensitive information has been collected and exfiltrated from the compromised systems. According to the G-STARS note, the stolen data may range from employee and client records to financial documents and manufacturing files, and the threat of its disclosure is meant to add pressure on the victim to comply with the attackers' demands.
To heighten the urgency, the notes warn that delaying contact will raise the ransom amount and that the stolen content will be leaked publicly, further coercing the victim to act quickly.
Decryption is rarely achievable without the cooperation of the attackers behind the specific ransomware threat. Even when the ransom is paid, victims often do not receive the promised decryption key or tool. Paying is therefore strongly advised against: it neither guarantees data recovery nor does anything but fund further attacks.
Ensure That Your Devices and Data Are Sufficiently Protected
Ensuring the safety of devices and data from ransomware attacks requires a combination of proactive measures and cautious behavior. Here are some essential steps users can take to protect themselves:
- Install and Update Security Software: Use reputable anti-malware software on all devices, including computers and mobile devices. Keep this software up-to-date to ensure it can detect and prevent the latest ransomware threats.
- Regular Software Updates: Keep your operating system, applications, and all software up-to-date with the latest security patches and updates. Cybercriminals often exploit known vulnerabilities, so updating regularly helps to mitigate these risks.
- Enable Firewall: Ensure that your device's firewall is activated. Firewalls act as a barricade between your device and the internet, blocking unauthorized access and reducing the risk of infection.
- Be Cautious with Email: Avoid clicking on suspicious links or downloading attachments from unknown senders. Be particularly cautious with emails that seem urgent or ask for personal information, as ransomware attackers often use phishing techniques to gain access.
- Backup Your Data: Regularly back up your important files to an external device or a secure cloud storage service, and keep at least one copy offline or on storage the infected machine cannot overwrite, since ransomware commonly encrypts or deletes any backups it can reach. This way, even if your data gets encrypted by ransomware, you can restore it from the backups without paying the ransom.
- Educate Yourself and Others: Stay informed about the latest ransomware threats and techniques used by cybercriminals. Educate family members and colleagues about the risks and best practices to follow.
By implementing these measures and staying vigilant, users can significantly reduce the risk of falling victim to ransomware attacks and protect their devices and valuable data from harm.
The full text of the ransom notes left for the victims of the G-STARS Ransomware is:
'Hello my dear friend. All your files have been encrypted!
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted. The only method of recovering files is to purchase decrypt tool and unique key for you.
If you want to recover your files, write us to this e-mail: support.antimalware@onionmail.com In case of no answer in 24 hours write us to this e-mail:support.antimalware@msgden.com
Our online operator is available in the messenger Telegram: @Files_decrypt or hxxps://t.me/Files_decrypt
If there is no response from our mail, you can install ICQ software on your PC here hxxps://icq.com/windows/ or on smartphone from Appstore / Google Play Market search for "ICQ"
Write to our ICQ @Ransomware_Decrypt hxxps://icq.im/Ransomware_Decrypt/ Or download the (Session) messenger (hxxps://getsession.org) in messenger: 0569a7c0949434c9c4464cf2423f66d046e3e08654e4164404b1dc23783096d313
You have to add this ID - and we will complete our converstion.
Or download the Tox Chat (hxxps://tox.chat/download.html) in messenger: C20A4B4AC30BBF70E7F2340FC0F97B08FA58B6E041557ABBF29EAF82FED0C47D79239FA26B51 You must add this ID 9ECFA84E-3442 and write to us.
Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly.
Your Data
Sensitive data on your system was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
Data includes:
Employees personal data, CVs, DL, SSN.
Complete network map including credentials for local and remote services.
Private financial information including: clients data, bills, budgets, annual reports, bank statements.
Manufacturing documents including: datagrams, schemas, drawings in solidworks format
And more…
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write - the more favorable conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption.'