Guvara Ransomware
The Guvara Ransomware is an encryption ransomware Trojan that was first observed in April 2019. The Guvara Ransomware belongs to the STOP Ransomware family, specifically to the STOP/Djvu variant, for which no working decryptor currently exists. The STOP Ransomware family was first observed in early 2018. Since its first appearance, numerous versions of this ransomware family have been spotted. While a decryption program was released for earlier STOP Ransomware variants, criminals have continued to develop these threats, always staying ahead of PC security researchers. The Guvara Ransomware variant is marked with the version number 'v065,' implying that there have been 64 releases in this ransomware family before the Guvara Ransomware.
Why the Guvara Ransomware Attack is Threatening
There is currently very little to differentiate the Guvara Ransomware from the numerous other encryption ransomware Trojans used to carry out these attacks. The Guvara Ransomware Trojan uses AES and RSA encryption to make the victim's files inaccessible. These threats then demand a ransom payment from the victim to supposedly restore the victim's data. The Guvara Ransomware, like other encryption ransomware Trojans, targets user-generated files, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Guvara Ransomware’s Ransom Demand
The Guvara Ransomware will deliver a ransom note in the form of a text file (and often HTML or HTA files). These ransom notes contain a message for the victim, demanding the payment of a ransom using a cryptocurrency in exchange for the decryption key required to restore the affected data. Computer users must refrain from paying the Guvara Ransomware ransom amount. Criminals will almost never help victims restore their files after a malware attack. In most cases, victims that go ahead and pay the ransom amount may find themselves the target of additional tactics or attacks, since they have shown a willingness to pay and contact the criminals.
Protecting Your Data from Threats Like the Guvara Ransomware
The best protection against threats like the Guvara Ransomware is to have backup copies of your data stored in a safe location. Having file backups ensures that the criminals responsible for the Guvara Ransomware have no leverage to demand a ransom payment. Apart from file backups, the use of a reliable security program that is fully up-to-date can prevent infections like the Guvara Ransomware from carrying out their attacks in the first place.