GusLocker Ransomware

By GoldSparrow in Ransomware

The GusLocker Ransomware is an encryption ransomware Trojan first observed on October 24, 2018. A couple of variants of the GusLocker Ransomware have been detected. The GusLocker Ransomware carries out a typical encryption ransomware attack, taking victims' files hostage and then demanding a ransom payment to return access to the compromised data.

Symptoms of a GusLocker Ransomware Attack

The GusLocker Ransomware is often delivered to the victim's computer through corrupted spam email messages. Once installed, the GusLocker Ransomware uses AES and RSA encryption to make the victim's files inaccessible. It targets user-generated files, which may include a wide variety of file types. The GusLocker Ransomware and similar threats target the following file types in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The GusLocker Ransomware enciphers the files so that they become inaccessible. It then delivers a ransom note in the form of an HTML file named 'ALL YOUR FILES LOCKED!.html', which contains the following message:

'ALL YOUR FILES LOCKED!
YOUR PID:[random characters]
YOUR PERSONAL EMAIL: 5BTC@PROTONMAIL.COM
WHAT NOW?
Email us
Write your ID at title of mail and country at body of mail and wait answer.
You have to pay some bitcoins to unlock your files!
DON'T TRY DECRYPT YOUR FILES!
If you try to unlock your files. you may lose access to them!
REMEMBER!
No one can guarantee you a 100% unlock except us!
How to buy bitcoin'
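
An added example, not part of the original article or of any vendor tool: a Python sweep that locates copies of the ransom note described above, by its file name and by the strings quoted from it, and extracts the PID for the incident record. The note's HTML layout, a PID without whitespace, and the two-marker threshold for renamed copies are assumptions; the sample tree is constructed.

```python
import html, os, re, tempfile

NOTE_NAME = "ALL YOUR FILES LOCKED!.html"   # note file name given on this page
MARKERS = ("ALL YOUR FILES LOCKED!", "YOUR PID:", "5BTC@PROTONMAIL.COM")  # strings from the note
PID_RE = re.compile(r"YOUR PID:\s*(\S+)", re.IGNORECASE)  # assumes the PID has no whitespace

def inspect_note(path, max_bytes=1_000_000):
    """Return (marker_count, pid) for one HTML file; pid is None if not found."""
    with open(path, "rb") as fh:
        text = fh.read(max_bytes).decode("utf-8", errors="replace")
    # Drop tags and entities so markers split by markup still match (assumed layout).
    text = re.sub(r"\s+", " ", html.unescape(re.sub(r"<[^>]+>", " ", text)))
    count = sum(m.lower() in text.lower() for m in MARKERS)
    pid = PID_RE.search(text)
    return count, (pid.group(1) if pid else None)

def scan(root):
    """List likely note copies: exact name with >=1 marker, or any HTML file with >=2."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            path = os.path.join(dirpath, name)
            try:
                count, pid = inspect_note(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            named = name.lower() == NOTE_NAME.lower()
            if (named and count >= 1) or count >= 2:
                findings.append({"path": path, "exact_name": named, "markers": count, "pid": pid})
    return sorted(findings, key=lambda f: f["path"])

def demo():
    """Scan a constructed sample tree; returns (relative path, exact_name, pid) tuples."""
    note = ("<html><body><h1>ALL YOUR FILES LOCKED!</h1><p>YOUR PID:<b>CONSTRUCTED-PID-0001</b></p>"
            "<p>YOUR PERSONAL EMAIL: 5BTC@PROTONMAIL.COM</p></body></html>")
    samples = {"Documents/" + NOTE_NAME: note,   # constructed note under the documented name
               "Pictures/readme.htm": note,      # constructed renamed copy
               "Site/index.html": "<p>YOUR PID: appears once in a benign page</p>"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.relpath(f["path"], root).replace(os.sep, "/"), f["exact_name"], f["pid"])
                for f in scan(root)]
```

Calling `scan()` on a mounted image or a backup snapshot rather than the live system keeps the sweep read-only with respect to the evidence.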

Protecting Your Data from Threats Like the GusLocker Ransomware

The criminals responsible for the attack shouldn't be contacted. Typically, these criminals will try to obtain a ransom payment of several hundred US dollars, paid via Bitcoin, in exchange for the compromised data. However, paying the ransom does not guarantee that the data will be returned, and it allows the criminals to continue carrying out these attacks. Instead of risking this, malware researchers strongly urge all computer users to keep file backups and use a reliable security program to prevent these attacks from happening in the first place. File backups are, without question, the best protection against threats like the GusLocker Ransomware. Backup copies ensure that any files compromised by a GusLocker Ransomware attack can be replaced after the GusLocker Ransomware Trojan itself is removed from the infected computer. Since the GusLocker Ransomware is often delivered via spam email attachments, learning to handle this kind of message safely is also essential in preventing GusLocker Ransomware attacks.