Gapo Ransomware Will Encrypt Most of Your Files


During our investigation, we came across a ransomware strain known as Gapo. This malware encrypts files and modifies their names by appending the ".gapo" extension. It also generates a ransom note in a file named "_readme.txt". Our team encountered Gapo while examining new malware samples.

To illustrate how Gapo alters filenames, take the examples "1.jpg" and "2.png". After the ransomware does its work, these files are renamed to "1.jpg.gapo" and "2.png.gapo", respectively. Gapo belongs to the Djvu ransomware family. This ransomware has been observed being distributed by threat actors alongside RedLine, Vidar, and other information stealers.

As mentioned in the ransom note, victims are instructed to establish contact with the attackers using two email addresses: support@freshmail.top and datarestorehelp@airmail.cc. According to the note, victims are required to pay either $980 or $490 to obtain the decryption software and key. There's a special offer mentioned in the note as well, stating that if victims reach out to the attackers within a 72-hour timeframe, they can acquire the decryption tools at a discounted price of $490.
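The indicators described above (the ".gapo" suffix, the "_readme.txt" note, and the two contact addresses) are enough to scope which directories were hit. The following Python is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators as given in the article.
ENCRYPTED_EXT = ".gapo"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

def is_gapo_note(path):
    """A _readme.txt counts as the ransom note only if it names a contact address."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()  # notes are small; cap the read
    except OSError:
        return False  # unreadable file: do not guess
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Map each affected directory (relative to root) to its renamed files and note flag."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits, note = [], False
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                hits.append((name, name[: -len(ENCRYPTED_EXT)]))  # (renamed, original)
            elif lower == NOTE_NAME:
                note = note or is_gapo_note(os.path.join(dirpath, name))
        if hits or note:
            report[os.path.relpath(dirpath, root)] = {"encrypted": sorted(hits), "note": note}
    return report

def build_sample_tree(root):
    """Constructed sample data for the demo, not taken from a real incident."""
    files = {
        "photos/1.jpg.gapo": "x", "photos/2.png.gapo": "x",
        "photos/_readme.txt": "ATTENTION!\nsupport@freshmail.top\n",
        "docs/clean.txt": "x", "docs/_readme.txt": "Project notes.\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A benign "_readme.txt" that lacks both contact addresses, like the one in the sample "docs" folder, is not flagged, which keeps ordinary project readmes out of the report.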

The Gapo Ransom Note Asks for $490

The full text of the Gapo ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-sD0OUYo1Pd
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Gapo Infect Your System?

Ransomware like Gapo is typically distributed online through various methods. Here are some common ways through which ransomware can infect your system:

Email Attachments: Cybercriminals often use phishing emails to distribute ransomware. They send emails that appear legitimate and convincing, containing malicious attachments, such as infected Word documents, PDFs, or ZIP files. Once the attachment is opened, the ransomware is executed on the system.

Malicious Links: Another method is through malicious links embedded in emails, instant messages, or social media posts. Clicking on such links redirects users to websites hosting exploit kits, which then exploit vulnerabilities in the system's software to deliver the ransomware payload.

Drive-by Downloads: Ransomware can also be distributed through compromised or malicious websites. Drive-by downloads occur when users visit such websites, and the ransomware is silently downloaded and installed on their systems without their knowledge or consent.

Malvertising: Cybercriminals may leverage malicious advertisements (malvertisements) on legitimate websites. These ads contain hidden malicious code that, when clicked or viewed, redirects users to websites hosting ransomware or initiates automatic downloads.

Exploiting Software Vulnerabilities: Ransomware can exploit security vulnerabilities present in outdated software or operating systems. Attackers actively search for vulnerabilities and develop exploits to deliver ransomware payloads through these security gaps.

May 23, 2023