
Guvara Ransomware

Posted: April 15, 2019

The Guvara Ransomware is one of the latest incarnations of the now notorious ransomware family known as the 'STOP Djvu' Ransomware. Security experts discovered this 'v065' (presumably the 65th iteration of the malware) on 04.11.2019, and by all indications it is a direct descendant of the STOP Djvu Ransomware with some tweaks. Together with its 'litter-mate,' the so-called Etols Ransomware, it descends directly from the STOP Ransomware and shares many traits with that older ransomware, although the two differ in details. The Guvara Ransomware's most notable defining feature is that after it encrypts the user's files, it appends the '.guvara' extension to them.

Although the STOP Djvu Ransomware has been known to IT security specialists for more than a year, attacks using it or its variants were only reported as far back as the end of 2018. Back then, its main attack vector was spam email carrying corrupted attachments: macro-enabled Office documents or fake PDF files that, once opened, ran the ransomware in the background of the victim's device. The ransomware habitually deletes all Shadow Volume snapshots, making file recovery from those local restore points impossible, and then sets out to encrypt all of the victim's relevant files. The Guvara Ransomware also appears to be connected to the following email addresses: 'vengisto@india.com' and 'vengisto@firemail.cc'. PC users are counseled to use data backups and cloud storage services as protection and recovery mechanisms.
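The two behaviours described above (shadow snapshot deletion followed by files being renamed with an appended '.guvara' extension) can be turned into a simple host-telemetry detection rule. The following is an added example, not code from the original write-up; the event format, process names and file paths are constructed for illustration.

```python
"""Heuristic detector for the behaviour the write-up attributes to the Guvara
Ransomware: shadow-copy deletion followed by a burst of files renamed with a
'.guvara' suffix appended after the original extension.  Event records are
constructed host telemetry, not real data."""
from collections import defaultdict

GUVARA_SUFFIX = ".guvara"


def is_guvara_rename(src: str, dst: str) -> bool:
    """True if dst is src with '.guvara' appended (original extension kept)."""
    return dst.lower().endswith(GUVARA_SUFFIX) and dst[: -len(GUVARA_SUFFIX)] == src


def detect(events, window=120, min_renames=3):
    """events: (t_seconds, process, action, src, dst) tuples.
    Flags a process that deletes shadow copies and then, within `window`
    seconds, produces at least `min_renames` '.guvara' renames."""
    shadow_time = {}                 # process -> time of first shadow deletion
    renames = defaultdict(list)      # process -> times of .guvara renames
    for t, proc, action, src, dst in events:
        if action == "shadow_delete":
            shadow_time.setdefault(proc, t)
        elif action == "rename" and is_guvara_rename(src, dst):
            renames[proc].append(t)
    findings = {}
    for proc in set(shadow_time) | set(renames):
        t0 = shadow_time.get(proc)
        hits = [t for t in renames[proc] if t0 is not None and t0 <= t <= t0 + window]
        findings[proc] = {
            "shadow_delete": t0 is not None,
            "guvara_renames": len(renames[proc]),
            "alert": len(hits) >= min_renames,
        }
    return findings


# Constructed sample: a benign rename, a suspect process that deletes shadow
# copies and then encrypts three documents, and a lone rename without the
# preceding snapshot deletion.  Process names are placeholders.
SAMPLE_EVENTS = [
    (0,  "explorer.exe", "rename", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.bak"),
    (5,  "suspect.exe", "shadow_delete", "", ""),
    (6,  "suspect.exe", "rename", r"C:\Users\a\report.docx", r"C:\Users\a\report.docx.guvara"),
    (7,  "suspect.exe", "rename", r"C:\Users\a\photo.jpg", r"C:\Users\a\photo.jpg.guvara"),
    (9,  "suspect.exe", "rename", r"C:\Users\a\budget.xlsx", r"C:\Users\a\budget.xlsx.guvara"),
    (40, "other.exe", "rename", r"C:\Users\a\x.txt", r"C:\Users\a\x.txt.guvara"),
]

if __name__ == "__main__":
    for proc, finding in sorted(detect(SAMPLE_EVENTS).items()):
        print(proc, finding)
```

Only the process that both removed the snapshots and produced the rename burst is alerted; a single '.guvara' rename on its own is recorded but not flagged.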
