GET Ransomware
The GET Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The GET Ransomware can stop files from opening through encryption, change their names, delete some backups, and deliver ransom notes to the victim. Users with backups on other devices have protection from the encryption, and anti-malware products will block infections or uninstall the GET Ransomware.
Trojans Getting Theirs While the Getting is Good
Due to the Dharma Ransomware family's numbers not tapering down, users can only assume that Ransomware-as-a-Service still is convincing threat actors in the dark Web that they can make easy money by attacking victims without backups. The GET Ransomware, an August variant, shows the same predisposition as its older kindred, like the '.combo File Extension' Ransomware, the Q1G Ransomware, the Rxx Ransomware or the Hlpp Ransomware. While a victim with a backup elsewhere is in minimal danger, those without one should watch for the GET Ransomware infections that block files for money with an all-but-unbreakable cipher.
The most infamous feature in the GET Ransomware's payload is its encryption, which uses AES for locking the system's 'media' files that can include Word or Notepad content, PowerPoint presentations, Excel spreadsheets and pictures such as GIFs and JPGs. Because AES is subject to decryption with minimum difficulty, the GET Ransomware also secures each file with an RSA key. The threat actor 'sells' the unlocking solution that returns the files to normal through ransom notes, which in the GET Ransomware's case, consists of HTA and TXT messages.
Besides a characteristic changing of files' extension for adding part of its name and the ransoming information, the GET Ransomware also has a particularly-crucial feature. It uses CMD commands for deleting the Shadow Volume Copies that form the foundation of the Windows Restore Points, which removes an obvious recovery option. Users can, however, recover their work from offsite backups instead of paying the Trojan's ransom.
Getting Out of a Trojan's Bargaining Situation
Active steps for avoiding the GET Ransomware's encryption attacks are much simpler than reversing them. Users should be highly-alert to possible infection vectors like e-mail attachments, illicit-themed torrents, and COVID-19-themed downloads. Passive defenses, such as choosing appropriate passwords and not lapsing on security updates, also are substantially helpful.
Windows users are the only ones at risk from the GET Ransomware, and the majority of Ransomware-as-a-Service Trojans like it. Some infection attempts may use additional threats for support, including, most popularly, Exploit Kits that can run through website-based content, and Trojan downloaders operating through corrupted documents' macros. In those circumstances, limiting the availability of software features like Java or Flash, and using up-to-date programs, will cut the chances of a drive-by-download.
Although malware researchers recommend the immediate removal of the GET Ransomware, most users should use dedicated anti-malware tools for doing so. Disinfection doesn't remove encryption from the user's files, and backups remain critical for regaining access to the digital media.
As the Crysis Ransomware kit's list of offspring lengthens, the GET Ransomware becomes a single entry in a vast history book. The lesson is the same on each page: those who don't practice backing up will become prey for those who know the value of a stranger's work.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.