A new threat has made waves in the cyber domain. It has been classified as ransomware and is known as GMPF Ransomware. Like traditional ransomware, it compromises computers and demands money for ransomware removal. The ransomware was first noticed in October 2018 and uses both the RSA and AES cryptographic algorithms to encrypt data. Some experts believe it to be part of the notorious Matrix Ransomware family, which is known for attacking quite a few businesses in 2016.
GMPF ransomware appends the ".GMPF" extension to the files it locks, which makes them inaccessible. Because the basic objective of the ransomware is to blackmail users and extort money from them for ransomware removal, it places a ransom note once its operation succeeds. There can be a single note or multiple ransom notes. The number depends on the number of locked files, and each folder of the locked resource gets its own note. The file format of the note varies: sometimes it is RTF and sometimes it is a simple .txt document.
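For incident triage, the two indicators described above (the ".GMPF" extension and a per-folder RTF or .txt note) can be turned into a read-only scan that maps which folders were hit. This is an added example, not code from the original article; the function names, the sample file names and the one-hour window used to separate ransom notes from ordinary user text files are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

LOCKED_EXT = ".gmpf"          # extension from the article, matched case-insensitively
NOTE_EXTS = {".rtf", ".txt"}  # note formats from the article
NOTE_WINDOW_S = 3600          # assumption: note written within 1 h of the locked files

def triage(root, window=NOTE_WINDOW_S):
    """Map each affected folder to its locked files and likely ransom notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        paths = [Path(dirpath) / name for name in files]
        locked = [p for p in paths if p.suffix.lower() == LOCKED_EXT]
        if not locked:
            continue  # folder untouched, skip it
        times = [p.stat().st_mtime for p in locked]
        lo, hi = min(times) - window, max(times) + window
        # A note candidate is an RTF/TXT file modified around the same time.
        notes = [p for p in paths if p.suffix.lower() in NOTE_EXTS
                 and lo <= p.stat().st_mtime <= hi]
        report[dirpath] = {"locked": sorted(p.name for p in locked),
                           "note_candidates": sorted(p.name for p in notes)}
    return report

def build_sample_tree(root, now=None):
    """Create a constructed test tree: one affected folder, one clean folder."""
    now = time.time() if now is None else now
    layout = {  # relative path -> age in seconds (all names are made up)
        "docs/report.docx.GMPF": 60,
        "docs/budget.xlsx.gmpf": 90,
        "docs/sample_note.rtf": 30,              # recent: flagged as candidate
        "docs/meeting_minutes.txt": 90 * 86400,  # old user file: ignored
        "clean/photo.jpg": 86400,
    }
    for rel, age in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample data")
        os.utime(path, (now - age, now - age))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, hit in triage(tmp).items():
            print(folder, hit)
```

The scan only reads file names and timestamps, so it can be run against a mounted forensic image without altering evidence.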
Like its alleged predecessors, the ransomware was built to use extremely sophisticated and powerful cryptographic algorithms, RSA-2048 and AES-128. While the ransomware runs its encryption and other activities, its own code changes continuously, and the two algorithms deliver the final blow to the integrity of the files on the user's PC. As a result, these files become inaccessible.
To regain access to these files and complete ransomware removal, a decryption key is needed. When the encryption runs, the decryption key is sent to the command-and-control center of the ransomware owners. The cybercriminals promise these keys, and with them a clean and quick ransomware removal process, in return for money. However, experts discourage trusting cybercriminals because a payment may backfire in the future.