
Gedantar Ransomware

Posted: April 2, 2018

The Gedantar Ransomware is an update of the file-locking Trojan, Unlock92 Ransomware. It continues to attack data by encrypting it and uses the attack to justify its ransom demands, which ask for money in exchange for the decryption keys. Users can back up their work to protect it and should secure their computers by having an appropriate anti-malware program delete the Gedantar Ransomware at the earliest opportunity.

Old Trojans and Even Older Misdeeds Conducting Themselves with New Names

The Unlock92 Ransomware, a .NET Framework Trojan, is receiving an update in the form of the Gedantar Ransomware, which, despite its name change, still uses e-mail with the old version's 'brand' name. Although the Gedantar Ransomware has a different pattern for changing the names of the files that it impacts, malware experts note few significant changes between it and the first threat. Like the Unlock92 Ransomware, the Gedantar Ransomware uses encryption for data-locking purposes and accompanies it with a simple, extortionist message.

Malware experts confirm that the Gedantar Ransomware's campaign still targets Russia, just like the Unlock92 Ransomware, and conveys its ransoming instructions in Cyrillic text. Victims may compromise their PCs by downloading files from file-sharing networks, such as torrents, by visiting corrupted websites that host exploit kits (such as the recently active Nebula Exploit Kit), or by opening e-mail attachments.

The Gedantar Ransomware uses RSA-based encryption for locking different files on the user's PC. Besides the usual targets, such as Word documents or JPG pictures, the Gedantar Ransomware may also block slightly more niche formats, including archives, CD-based storage and graphics projects. The Gedantar Ransomware tags the filenames with an extensive renaming pattern that preserves the original text but also adds eight random characters and its extension.
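The renaming pattern described above can be used to spot a bulk-encryption event in a list of file renames without knowing the extension in advance. This is an added example, not code from the original page or from any anti-malware product; the separator, the alphanumeric alphabet, the thresholds and the "locked" extension in the sample are assumptions, since the page gives only the general shape of the pattern.

```python
import re
from collections import defaultdict

# Assumption: the appended tail is an optional separator, eight alphanumeric
# characters, a dot, then the Trojan's extension. The page does not state the
# exact separator, alphabet or extension.
TAIL = re.compile(r"^[._-]?([A-Za-z0-9]{8})\.([A-Za-z0-9]{2,16})$")


def parse_rename(old_name, new_name):
    """Return (token, extension) if new_name is old_name plus the tail, else None."""
    if new_name == old_name or not new_name.startswith(old_name):
        return None  # the original text must be preserved as a prefix
    m = TAIL.match(new_name[len(old_name):])
    return (m.group(1), m.group(2).lower()) if m else None


def suspicious_extensions(renames, min_files=5, min_unique_ratio=0.8):
    """Group matching renames by appended extension and flag bulk patterns.

    An extension is flagged when at least min_files files gained it and the
    eight-character tokens are mostly distinct, as per-file random values are.
    """
    tokens = defaultdict(list)
    for old_name, new_name in renames:
        parsed = parse_rename(old_name, new_name)
        if parsed:
            tokens[parsed[1]].append(parsed[0])
    flagged = {}
    for ext, toks in tokens.items():
        if len(toks) >= min_files and len(set(toks)) / len(toks) >= min_unique_ratio:
            flagged[ext] = len(toks)
    return flagged


# Constructed sample rename events (old name, new name). "locked" is a
# placeholder extension, not the one the Gedantar Ransomware uses.
SAMPLE = [
    ("report.docx", "report.docx.a8Kd03Lq.locked"),
    ("photo.jpg", "photo.jpg.Zx91mPq2.locked"),
    ("backup.zip", "backup.zip.77hGtr0B.locked"),
    ("disk.iso", "disk.iso.qW3eR5tY.locked"),
    ("logo.psd", "logo.psd.M0n9B8v7.locked"),
    ("notes.txt", "notes.txt.bak"),        # ordinary backup rename, no token
    ("draft.docx", "draft_final.docx"),    # ordinary user rename, prefix lost
]

if __name__ == "__main__":
    print(suspicious_extensions(SAMPLE))
```

Feeding the function rename events from a file-system audit log lets it flag the burst regardless of which extension a given variant appends.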

The Gedantar Ransomware also copies the Unlock92 Ransomware's Russian ransom message in its entirety, which asks for negotiations through a TOR website and a free e-mail address.

Recognizing Outdated Trojans Swapping Names

At first, a limited number of anti-malware programs were identifying the Gedantar Ransomware as a threat, but incoming updates to their threat databases are increasing positive detection rates. There is a free decryption utility for the Unlock92 Ransomware that helps its victims restore their files, although further updates are necessary for accomplishing similar recoveries with any media that the Gedantar Ransomware encrypts. Regardless of the availability of free decryption options, malware analysts encourage backing up all your work securely to keep any file-locking Trojan from being a potential hazard.

The Gedantar Ransomware may delete the Shadow Copies and other backup information that's available for access. Storage methods such as detachable USB drives and password-protected cloud servers can reduce the possibility of this Trojan accessing any data and removing all chances of recovering what it encrypts. Most anti-malware products should remove the Gedantar Ransomware immediately and keep its attacks from loading.

Although Russian Windows users may avoid the Gedantar Ransomware by switching to a different OS, Trojans with similar payloads are in production for most operating systems. The Gedantar Ransomware is symptomatic of the continuing profitability of exploiting PC owners who aren't taking bare minimum steps for protecting their data.
