
'.gamma File Extension' Ransomware

Posted: September 17, 2018

The '.gamma File Extension' Ransomware is a variant of the Crysis Ransomware, a file-locking Trojan whose production and distribution use a Ransomware-as-a-Service model. Criminals can introduce these threats to your PC by several means, most prominently e-mail attachments and brute-force attacks, after which the programs encrypt your media for ransom money. Withhold the ransom if possible, keep dedicated backups for recovering any data, and have a suitable anti-malware program uninstall the '.gamma File Extension' Ransomware.

File Ransoms are Falling for Fall

The Ransomware-as-a-Service boom is holding steady with new releases in families like the Scarab Ransomware and, more relevantly for most Western businesses, the Globe Ransomware and the Crysis Ransomware, all of which include English-based business networks in their lists of potential victims. The newest version of the Crysis Ransomware that malware experts are examining, the '.gamma File Extension' Ransomware, shows how few resources a criminal requires to run a successful campaign of blocking files for money. In this case, even the negotiating contact uses nothing more unconventional than a free AOL e-mail account.

The '.gamma File Extension' Ransomware includes support for some of the most typical encryption standards, such as AES, Blowfish, and RSA, for locking the user's files. Its targets include media formats like documents, spreadsheets, pictures and audio, and also may encompass any network-shared drives or portable storage devices. The Trojan runs this attack as a background process in memory without creating any UI for the victim to notice. Once the '.gamma File Extension' Ransomware finishes locking a file, it changes the file's name by appending an ID number, the AOL address for ransom negotiations and the '.gamma' extension.
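As an added example (not part of the original article), the following Python script triages a file listing for the rename described above and reports how much data is affected and where. The exact layout `<name>.id-<8 hex>.[<e-mail>].gamma` is an assumption based on the naming commonly reported for Crysis variants, and the paths and contact address are constructed placeholders.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout (commonly reported for Crysis variants, not given on this page):
#   <original name>.id-<8 hex chars>.[<contact e-mail>].gamma
GAMMA_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.gamma$",
    re.IGNORECASE,
)

# Constructed sample listing; the address is a placeholder, not a real indicator.
SAMPLE = [
    "C:/Users/alice/Documents/budget.xlsx.id-1A2B3C4D.[attacker@example.invalid].gamma",
    "C:/Users/alice/Documents/notes.txt",
    "C:/Users/alice/Pictures/team.jpg.id-1A2B3C4D.[attacker@example.invalid].gamma",
    "E:/backup/archive.gamma",  # same extension, but not the ransomware's layout
    "C:/Users/alice/Documents/plan.docx.id-1a2b3c4d.[Attacker@Example.invalid].GAMMA",
]

def parse_locked_name(path):
    """Split a renamed file into original name, victim ID and contact, or None."""
    p = PureWindowsPath(path)
    m = GAMMA_RE.match(p.name)
    if not m:
        return None
    return {
        "directory": p.parent.as_posix(),
        "original": m["original"],
        "victim_id": m["victim_id"].upper(),
        "contact": m["contact"].lower(),
    }

def triage(paths):
    """Summarise the scope of the encryption for incident response."""
    hits = [h for h in map(parse_locked_name, paths) if h]
    return {
        "locked": len(hits),
        "total": len(paths),
        "by_directory": Counter(h["directory"] for h in hits),
        "victim_ids": sorted({h["victim_id"] for h in hits}),
        "contacts": sorted({h["contact"] for h in hits}),
        "lost_types": Counter(PureWindowsPath(h["original"]).suffix.lower() for h in hits),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The per-directory and per-type counts show which backups need restoring first, and more than one victim ID or contact address in the results suggests more than one infection on the same storage.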

The threat actor hasn't modified the ransom-delivering process significantly, which uses both a pop-up and a text message for carrying its demands to the user. While the free sample of the decryption tool may be helpful, malware experts caution against paying for the 'complete' service, which the threat actor may withhold after accepting the money. Bitcoin transfers require consent from both parties for refunding, which makes the '.gamma File Extension' Ransomware's chosen payment method an ideal currency for committing fraud.

Shrugging Off an Upcoming Crook's Gamma Waves

While the '.gamma File Extension' Ransomware, at under one hundred kilobytes, is very portable, malware experts have yet to catch any other threats empowering its distribution or note its current means of introduction to new systems. As usual with any version of the Crysis Ransomware, from the just-as-new 'paydecryption@qq.com' Ransomware to the aged Cobra Ransomware, the Wallet Ransomware, and entries from the Dharma Ransomware branch, this threat is more likely to attack the networks of for-profit entities with valuable data worth ransoming. However, recreational users are no less at risk and may find that their most important personal files are locked permanently.

You may avoid currently-in-vogue infection methods with the following:

  • Change your login passwords from their defaults and use ones of sufficient complexity, including varying the casing and using both alphabetic and numerical characters.
  • Always double-check e-mail attachments for possible tactics, including ones that disguise themselves as financial notices or office communications. Document-based exploits are traditional infection vectors for file-locker Trojans.
  • Avoid illicit download resources and disable any high-risk features, such as JavaScript and Flash, while browsing any potentially unsafe sites.

Having backups from before an infection is the only way of guaranteeing that you can recover any files. However, almost all professional anti-malware programs should delete the '.gamma File Extension' Ransomware promptly, like most updates of the Crysis Ransomware.

Any remote attacker depending on AOL for their extortion negotiations isn't likely to be very experienced, but, unfortunately, you don't need to know much about programming to cause damage with the '.gamma File Extension' Ransomware and other construction-kit-based threats.
