Gucci Ransomware
The Gucci Ransomware is a threatening malware, whose attack can make your files to be lost permanently. The Gucci Ransomware uses an unbreakable encryption method, which makes decryption attempts fruitless. Infected computer users will have only two options: pay the ransom demanded by the attackers or use a backup to restore their files. However, the first option probably will not be a real one, because paying the ransom, in most cases, will not make the people behind the Gucci Ransomware send the decryption software to their victims.
The Gucci Ransomware was pointed out as a member of the Phobos Ransomware family and it can be distributed through corrupted advertisements, torrent websites, email attachments, etc.
The Gucci Ransomware changes the locked files by adding the '.GUCCI' suffix to the end of their original names. As soon as the Gucci Ransomware finishes encrypting the targeted files, it drops a ransom message in a file named 'info.hta or info.text.' The message does not specify the amount of the ransom since it depends on how fast the victims write to them. However, it demands the use of the Bitcoin cryptocurrency and offers free decryption of one file since it is less than 5Mb in size and does not carry valuable information. Finally, they claim that if the victim does not cooperate, they will sell the collected data at specialized auctions.
The ransom message displayed by the Gucci Ransomware reads:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them:
write us to the TOX messenger: tox: CD54A20BCCDAA8209805BB8D4BDE15D542A66CF6E155783ECBE7549D0D6FBD0A59C16E9FD95C
You can download TOX messenger here hxxps://tox.chat/
Write this ID in the title of your message –
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us 1 file for free decryption. The total size of files must be less than 5Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We also want to notify you that the most important data of your company was copied by us, but we guarantee the confidentiality of private information and information about this incident in case of successful cooperation. Otherwise, we reserve the right to monetize our services by selling your information at specialized auctions.'
