Security News GPAA Ransomware Shows the Depravity of Some Ransomware Developers

[LASER_oneXM]

...some notes from the article above:

What you need to know about the GPAA Ransomware
Fabian Wosar of Emsisoft has looked into this ransomware and has determined that it is not able to be decrypted for free. Therefore, please restore from backups or try restoring from shadow volume copies if at all possible so you do not have to pay these people.

I have been following ransomware since they first started becoming popular in 2012 (ACCDFISA) and 2013 (CryptoLocker). For the most part, ransomware developers create generic ransom notes that provide information as to what has happened and payment instructions on how to get files back.

A few times we have seen some really scumbag moves by developers, such as Popcorn Time telling victims to infect other people to possibly get a free decryption key. Today, though, Michael Gillespie discovered a ransom note uploaded to ID-Ransomware that simply left me disgusted.

This ransom note is titled "Save Children" and shows a picture of a starving 2 year old Nigerian orphan who was being given aid by humanitarian worker. This note then goes on to say that the ransomware victim is now part of the fictitious GPAA, or Global Poverty Aid Agency, which they state is a crowdfunding campaign to raise 1000 bitcoins to save children.

 

[Der.Reisende]

I wonder whether they really share the "donations" received...
I doubt it a bit...

Thank you for the share @LASER_oneXM, read about that one on Twitter (MalwareHunterTeam channel) today.

For those interested, our never sleeping @silversurfer tracked down a sample of it: https://malwaretips.com/threads/gpaa-ransomware.72515/