Malware News GIBON Ransomware Being Distributued by Malspam

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A new ransomware was discovered by ProofPoint researcher Matthew Mesa called GIBON. This ransomware is currently being distributed via malspam with an attached malicious document, which contain macros that will download and install the ransomware on a computer. Unfortunately, more information about the malspam is currently not available at this time.

We have, though, provided information below on how the ransomware operates and according to Michael Gillespie it does appear to be decryptable. So if you are a victim, please contact us in our GIBON Ransomware Support & Help topic and we will see what we can do.

Why is it called GIBON Ransomware?
When a new ransomware is discovered it is not always easy to come up with a good name for it. Sometimes researchers will use strings found in the executables and other times the malware itself will give us clues as to what we should call it.
Click to expand...

At this time, it is not currently known how much ransomware the developers are demanding. As previously stated, the good news is that this ransomware appears to be decryptable, so be sure to post in our support topic if you become infected with it.

How to protect yourself from the GIBON Ransomware
In order to protect yourself from GIBON, or from any ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

You should also have security software that contains behavioral detections such as Emsisoft Anti-Malware, Malwarebytes, or HitmanPro:Alert.
Click to expand...
 
  • Like
Reactions: Solarquest, XhenEd, Prorootect and 9 others
D

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
Thank you for the share @LASER_oneXM!
The ransomware has already been broken by @ Michael Gillespie, a free decrypter (.encrypt variant) is available for victims:
Michael Gillespie on Twitter
Unbenannt.PNG
Direct Link to the decrypter: https://download.bleepingcomputer.com/demonslay335/GibonDecrypter.zip
 
  • Like
Reactions: vemn, Solarquest, LASER_oneXM and 8 others
TechMech

TechMech

New Member
Nov 4, 2017
1
People should have been already taught about such viruses; and should by now know the risks, an email sent by a stranger is strange enough, so why even bother open a document through one? I honestly think that ICT books should include such tips about how to avoid such viruses; I'm not even talking about books for middle school, but at least for people that are about to graduate, since not everybody will go to computer science. The main idea basically is: Don't ever go to a website that you think is weird, download weird useless applications that you know you'll never even use from a non secure websites, do not even open emails from people you do not know. By the way antivirus' can't detect every virus so make sure you keep them updated and I usually take less than 5 minutes from my day to do a weekly manual virus check, this has also helped me diagnose missing drivers *i'm running on non-genuine since I was a rebel and didn't listen to my dad* also keep track of updates and uninstall useless applications knowing I do not use them; if you do not own a web antivirus then I strongly recommend using firefox, since it doesn't let you enter malicious websites (if you have it enabled)
 
  • Like
Reactions: vemn and Prorootect
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
TechMech said:
People should have been already taught about such viruses; and should by now know the risks, an email sent by a stranger is strange enough, so why even bother open a document through one? I honestly think that ICT books should include such tips about how to avoid such viruses; I'm not even talking about books for middle school, but at least for people that are about to graduate, since not everybody will go to computer science. The main idea basically is: Don't ever go to a website that you think is weird, download weird useless applications that you know you'll never even use from a non secure websites, do not even open emails from people you do not know. By the way antivirus' can't detect every virus so make sure you keep them updated and I usually take less than 5 minutes from my day to do a weekly manual virus check, this has also helped me diagnose missing drivers *i'm running on non-genuine since I was a rebel and didn't listen to my dad* also keep track of updates and uninstall useless applications knowing I do not use them; if you do not own a web antivirus then I strongly recommend using firefox, since it doesn't let you enter malicious websites (if you have it enabled)
Click to expand...

Agree fully with you, I'm on the lookout for constantly, if I open my PC (I'm closing it now, I close it now, so I become 100% secured):)
And people here on MT is also well educated about web dangers, I hope!
 
  • Like
Reactions: vemn
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Replies
1
Views
1,451
News Archive
Kongo
Kongo
Gandalf_The_Grey
    • +Reputation
    • Like
Meet NoEscape: Avaddon ransomware gang's likely successor
Replies
0
Views
843
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
vtqhtr413
    • Wow
    • Sad
    • Like
LockBit Ransomware Attack Freezes Japan`s Largest Port
Replies
0
Views
1,025
News Archive
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top