Gaze Ransomware Will Encrypt Your System

During our investigation of malicious file samples, our team recently discovered a new variant of the Djvu ransomware family called Gaze.

Gaze operates by encrypting data and adding the ".gaze" extension to the files it targets. Following the encryption process, the ransomware leaves behind a ransom note named "_readme.txt".

Gaze adopts a specific file renaming approach where it modifies names like "1.jpg" to "1.jpg.gaze" and "2.png" to "2.png.gaze". Being part of the Djvu family, Gaze is often found in conjunction with other malicious software like RedLine, Vidar, and information stealers. Upon analyzing the content of the ransom note, we discovered that its primary purpose is to provide instructions for contacting the attackers and arranging a partial payment. The "_readme.txt" file includes two email addresses: support@freshmail.top and datarestorehelp@airmail.cc. Moreover, the ransom note outlines two different ransom amounts: $980 and $490.

The note explicitly states that victims have the opportunity to obtain the decryption tools, including the required software and key, at a discounted rate if they initiate contact with the attackers within a specific 72-hour timeframe.

Gaze Ransom Note Escalates Ransom in 72 Hours

The full text of the Gaze ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-sD0OUYo1Pd
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How is Ransomware Like Gaze Commonly Distributed Online?

Ransomware like Gaze is commonly distributed online through various methods that exploit vulnerabilities and human behavior. Here are some common distribution methods:

• Phishing Emails: One of the primary methods for ransomware distribution is through phishing emails. Attackers send deceptive emails pretending to be legitimate organizations or individuals, often with malicious attachments or links. Once the victim opens the attachment or clicks on the link, the ransomware payload is downloaded and executed.
• Malicious Websites and Malvertising: Ransomware can be distributed through compromised or malicious websites. Visiting such websites or clicking on malicious ads (malvertising) can lead to the unintentional download and execution of ransomware. Exploit kits hosted on these websites can identify vulnerabilities in software or web browsers to deliver the ransomware payload.
• Exploit of Software Vulnerabilities: Ransomware operators frequently exploit vulnerabilities in software, operating systems, or applications to gain unauthorized access to systems. They take advantage of unpatched or outdated software to deliver the ransomware payload, which can be executed silently without user interaction.
• Drive-by Downloads: Drive-by downloads occur when malicious code is injected into legitimate websites without the knowledge or consent of the website owner or visitors. Simply visiting an infected website can initiate the download and execution of ransomware, exploiting vulnerabilities in the visitor's browser or plugins.