New malware appears constantly. From data exfiltration to ransomware, cybercriminals are working in every direction to inflict losses on organizations and end users. In the last couple of years, ransomware has become a leading cyber threat. For that reason, some malware hunters dedicate themselves to tracking new ransomware strains so that removal measures can be devised in time to neutralize them.
In the last week of October, malware hunters discovered a new ransomware strain that goes by the name GusCrypter. The name comes from the strain's executable file, ‘GusCrypter.exe’, which contains its payload and is most likely distributed through phishing emails. The extension ‘GUSv2’ is appended to the encrypted files, which also suggests that the newly discovered strain might be a new variant of an existing ransomware family.
According to initial investigations, GusCrypter uses 128-bit AES encryption to lock the data on targeted computers. Its malicious activity starts in the Windows Registry, where the strain makes changes so that its executable runs automatically. This means that abruptly switching off the device in the middle of the attack won’t stop the encryption. As soon as the device is switched back on, encryption resumes from where it stopped.
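A triage sketch for the two indicators described above (the `GusCrypter.exe` autorun and the `GUSv2` extension), added here as an example and not taken from the original article or any vendor tool. It assumes the autorun lands in a standard Run key, which the article does not specify; the registry text and file list are constructed samples.

```python
import re
from pathlib import PureWindowsPath

# Indicators named in the article: payload file name and appended extension.
PAYLOAD_NAME = "guscrypter.exe"
ENCRYPTED_EXT = ".gusv2"

# Constructed sample in the layout printed by `reg query`; the Run key is an assumption.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\GusCrypter.exe
"""

# Constructed sample file listing.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\budget.xlsx.GUSv2",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.jpg.gusv2",
]

# A value line is: indent, name, type, data, separated by runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            yield key, m["name"], m["data"]

def command_executable(data):
    """Return the lower-cased file name of the program a command line launches."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]   # quoted path, arguments follow
    else:
        m = re.match(r"(.+?\.exe)\b", data, re.I)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return PureWindowsPath(path).name.lower()

def suspicious_autoruns(text):
    return [(k, n, d) for k, n, d in parse_reg_query(text)
            if command_executable(d) == PAYLOAD_NAME]

def encrypted_files(paths):
    return [p for p in paths if PureWindowsPath(p).suffix.lower() == ENCRYPTED_EXT]
```

A matching autorun entry on a host that also shows `GUSv2` files means the payload will relaunch at the next boot or logon, so the entry should be removed before the machine is restarted.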
Once encryption is complete, a ransom note in HTML format appears on the desktop. The note is short and simple and doesn’t mention the amount the attackers are demanding for ransomware removal. Instead, the attackers ask targeted users to contact them to negotiate the amount, and they boast that only they possess the decrypter. Professional ransomware removal experts can neutralize the encryption activity of some strains that use AES encryption, so get in touch with professionals if you are a victim of GusCrypter ransomware.