Uncategorized

Ranstop blocks Gerber ransomware

Test subject – Gerber ransomware

Distributed via spam email campaigns and malicious links, Gerber is back with a new variant, after a very busy December. At least 5 variants were discovered only this month and no decrypting tools were released for any of them. All variants target all versions of Windows, encrypting files using AES-265 and RSA encryption method.

Gerber ransomware test facts

As soon as it’s executed, the ransomware will start scanning all available drives for files (including network shares) and then slowly encrypt them. The slow encryption is probably part of its anti-evasion mechanism, as fast encryption will raise suspicion for both the user (slowing down the system) and installed anti-malware solutions. All important productivity documents (.doc, .xls, .pdf, etc.) are encrypted, among a few system files and files used by applications to run smoothly. The ransomware appends some text to each attacked files, ending with the “gerber5” extension. Once done, Gerber will replace the desktop background and drop the ransom note, while also opening an app displaying the same ransom note.

Reports say that the cybercriminals demand between $500-$1500 (in Bitcoin) to recover the files. At this time, it’s not possible to recover the files without receiving a decryption key by paying the ransom. Trying to decrypt the files by brute force techniques is theoretically possible, but highly unrealistic due to the time required to find the key (can take many years, even with powerful computers). The best way to defend your data is to prevent such events, by using dedicated anti-ransomware solutions.

Gerber ransomware test results

TEMASOFT Ranstop detects this version of Gerber ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, and the malware process is stopped and quarantined. The affected files are automatically restored so that the user doesn’t lose any important information.


Click here to watch TEMASOFT Ranstop blocking Gerber ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


 
 

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023