Gapo Ransomware Will Encrypt Most of Your Files
During our investigation, we came across a ransomware strain known as Gapo. It encrypts files and appends the ".gapo" extension to their names, and it drops a ransom note in the form of a file named "_readme.txt". Our team encountered Gapo while examining new malware samples.
To illustrate how Gapo renames files: "1.jpg" becomes "1.jpg.gapo" and "2.png" becomes "2.png.gapo". It is important to note that Gapo belongs to the Djvu ransomware family. This ransomware has been observed being distributed by threat actors alongside RedLine, Vidar, and other information stealers.
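As an added triage example (not code from the original article), the following script applies the two indicators described above, the ".gapo" suffix and the "_readme.txt" note, to a directory tree and maps each renamed file back to its original name. The sample directory it builds is constructed for the demo and is not a real infection.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

GAPO_EXT = ".gapo"           # extension Gapo appends to every encrypted file
RANSOM_NOTE = "_readme.txt"  # name of the note dropped beside encrypted files
# Phrases taken from the ransom note reproduced in this article: a file is
# counted as a Gapo note only if its name matches AND it contains one of them.
NOTE_MARKERS = ("Don't worry, you can return all your files!",
                "Price of private key and decrypt software is $980.")

def original_name(name: str) -> Optional[str]:
    """Map '1.jpg.gapo' back to '1.jpg'; None if the name is not Gapo-renamed."""
    if not name.endswith(GAPO_EXT) or name == GAPO_EXT:
        return None
    return name[:-len(GAPO_EXT)]

def is_gapo_note(path: Path) -> bool:
    """True if path is a _readme.txt whose text matches the known Gapo note."""
    if path.name.lower() != RANSOM_NOTE:
        return False
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root) -> dict:
    """Walk a tree; renamed files plus a matching note is the strongest signal."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            orig = original_name(fname)
            if orig is not None:
                encrypted.append((str(path), orig))   # (encrypted path, original name)
            elif is_gapo_note(path):
                notes.append(str(path))
    return {"encrypted": encrypted, "notes": notes,
            "infected": bool(encrypted) and bool(notes)}

def make_sample_tree() -> str:
    """Constructed demo data, not a real infection: two renamed files, a note, a clean file."""
    root = tempfile.mkdtemp(prefix="gapo_demo_")
    sub = Path(root) / "docs"
    sub.mkdir()
    (Path(root) / "1.jpg.gapo").write_bytes(b"\x00ciphertext")
    (sub / "2.png.gapo").write_bytes(b"\x00ciphertext")
    (sub / "_readme.txt").write_text("\n".join(NOTE_MARKERS) + "\n")
    (sub / "notes.txt").write_text("unrelated clean file\n")
    return root
```

Run `triage(make_sample_tree())` to see the report; on a real host, point `triage` at the user profile and share roots and treat any hit as grounds to isolate the machine.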
As stated in the ransom note, victims are instructed to contact the attackers at two email addresses: firstname.lastname@example.org and email@example.com. According to the note, the decryption software and key cost $980. The note also offers a discount: victims who reach out to the attackers within 72 hours can obtain the decryption tools for $490.
The Gapo Ransom Note Asks for $490
The full text of the Gapo ransom note reads as follows:
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:
How Can Ransomware Like Gapo Infect Your System?
Ransomware like Gapo is typically distributed online through various methods. Here are some common ways through which ransomware can infect your system:
Email Attachments: Cybercriminals often use phishing emails to distribute ransomware. They send emails that appear legitimate and convincing, containing malicious attachments, such as infected Word documents, PDFs, or ZIP files. Once the attachment is opened, the ransomware is executed on the system.
Malicious Links: Another method is through malicious links embedded in emails, instant messages, or social media posts. Clicking on such links redirects users to websites hosting exploit kits, which then exploit vulnerabilities in the system's software to deliver the ransomware payload.
Drive-by Downloads: Ransomware can also be distributed through compromised or malicious websites. Drive-by downloads occur when users visit such websites, and the ransomware is silently downloaded and installed on their systems without their knowledge or consent.
Malvertising: Cybercriminals may leverage malicious advertisements (malvertisements) on legitimate websites. These ads contain hidden malicious code that, when clicked or viewed, redirects users to websites hosting ransomware or initiates automatic downloads.
Exploiting Software Vulnerabilities: Ransomware can exploit security vulnerabilities present in outdated software or operating systems. Attackers actively search for vulnerabilities and develop exploits to deliver ransomware payloads through these security gaps.