Gucci Ransomware


The Gucci Ransomware has no noteworthy differences from other ransomware threats in the Phobos Ransomware family. The main details that set the Gucci Ransomware apart from other members of that family are the email address its operators provide for communication and the extension it adds to the enciphered files.

Once inside the targeted computer, the Gucci Ransomware carries out its main function, which is to encrypt and effectively lock almost all of the user's files. The affected file types are crucial ones, such as documents, PDFs, photos, videos, databases, etc. The Gucci Ransomware appends the file extension '.GUCCI' to the original filename of every encrypted file. It also places a file named 'info.hta' or 'info.text' in any folder that contains the damaged data. This ransom note instructs the victims of the Gucci Ransomware on what they need to do to recover the damaged data.
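For incident scoping, the indicators in the paragraph above (the appended '.GUCCI' extension and the two note names) can be used to map which folders were hit. The following is an added example, not part of the original article; the function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".gucci"              # compared case-insensitively
NOTE_NAMES = {"info.hta", "info.text"}   # note names as given on this page


def triage(root):
    """Walk `root` and return {folder: {"encrypted", "notes", "intact"}}
    for every folder holding an encrypted file or a ransom note."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "notes": [], "intact": 0}
        for name in sorted(files):
            lower = name.lower()
            if lower in NOTE_NAMES:
                entry["notes"].append(name)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the
                # original filename (useful when matching against backups).
                original = name[: -len(ENCRYPTED_SUFFIX)]
                entry["encrypted"].append((name, original))
            else:
                entry["intact"] += 1
        if entry["encrypted"] or entry["notes"]:
            report[os.path.relpath(folder, root)] = entry
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    layout = {
        "docs": ["report.docx.GUCCI", "budget.xlsx.GUCCI", "info.hta"],
        "photos": ["trip.jpg.gucci", "info.text", "new.png"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in names:
            (Path(root) / folder / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in sorted(triage(tmp).items()):
            print(folder, len(entry["encrypted"]), "encrypted,",
                  entry["intact"], "intact, notes:", entry["notes"])
```

A folder that holds a note but still has intact files is worth a closer look, since it may indicate encryption was interrupted there.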

As stated in the ransom note, the Gucci Ransomware employs a very strong encryption technology, which means that only the hackers possess the decryption key that will restore the user's files. The ransom amount is not disclosed; the attackers say it will depend on how fast the victims contact them. However, the ransom must be paid in Bitcoin.

The full text of the Gucci Ransomware's ransom note is:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them:
write us to the TOX messenger: tox: CD54A20BCCDAA8209805BB8D4BDE15D542A66CF6E155783ECBE7549D0D6FBD0A59C16E9FD95C
You can download TOX messenger here hxxps://tox.chat/
Write this ID in the title of your message –
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us 1 file for free decryption. The total size of files must be less than 5Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We also want to notify you that the most important data of your company was copied by us, but we guarantee the confidentiality of private information and information about this incident in case of successful cooperation. Otherwise, we reserve the right to monetize our services by selling your information at specialized auctions.'

By Tova
May 6, 2022