Gyew Ransomware is Based on Djvu Code


Our examination of recently discovered malware samples has uncovered the Gyew ransomware variant, which is linked to the Djvu malware family. Gyew encrypts files, appends the ".gyew" extension to their names, and leaves a ransom note named "_readme.txt" on the affected system.

For example, Gyew renames "1.jpg" to "1.jpg.gyew", "2.png" to "2.png.gyew", and so forth. The ransom note claims that numerous files, including images, databases, and crucial documents, have been encrypted. To restore access to these files, victims are directed to obtain a decryption tool and a unique key. The note offers to decrypt one encrypted file for free, provided the file contains no valuable information.

The price of the private key and decryption software is set at $980. Victims who contact the attackers within the first 72 hours are offered a 50% discount, which reduces the price to $490. The note gives two email addresses for contacting the cybercriminals: support@freshmail.top and datarestorehelp@airmail.cc.
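
The indicators described above (the ".gyew" extension, the "_readme.txt" note, and the two contact addresses) can be checked across a file tree during triage. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration. Because "_readme.txt" is also a common benign filename, a note is only marked as confirmed when it contains one of the contact addresses.

```python
import os
import tempfile

# Indicators taken from the article; everything else is illustrative.
ENCRYPTED_EXT = ".gyew"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

def note_matches(path):
    """True if the file contains one of the contact addresses from the note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()  # notes are small, so cap the read
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Summarise Gyew indicators for each directory under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = [f for f in files if f.lower() == NOTE_NAME]
        if encrypted or notes:
            report[os.path.relpath(dirpath, root)] = {
                "encrypted": encrypted,
                # Original name is recovered by stripping the appended extension.
                "original_names": [f[:-len(ENCRYPTED_EXT)] for f in encrypted],
                "note_present": bool(notes),
                "note_confirmed": any(note_matches(os.path.join(dirpath, n)) for n in notes),
            }
    return report

def build_sample(root):
    """Constructed sample tree for the demonstration (no real victim data)."""
    docs, project = os.path.join(root, "docs"), os.path.join(root, "project")
    os.makedirs(docs)
    os.makedirs(project)
    for name in ("1.jpg.gyew", "2.png.gyew"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nTo get this software you need write on our e-mail:\nsupport@freshmail.top\n")
    with open(os.path.join(project, NOTE_NAME), "w") as fh:
        fh.write("Build instructions for this project.\n")  # benign file, same name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in sorted(triage(tmp).items()):
            print(folder, info)
```

Run against a mounted image or a read-only copy of the affected volume so that the scan does not alter file timestamps on the original evidence.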

Gyew Ransom Note Demands $490 in Payment

The complete text of the Gyew ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-CDZ4hMgp2X
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How is Ransomware Usually Distributed Online?

Ransomware is typically distributed online through various methods, and attackers often employ multiple techniques to increase the likelihood of success. Here are common ways ransomware is distributed:

Phishing Emails:
One of the most common methods is through phishing emails. Attackers send emails containing malicious attachments or links that, when clicked, download and execute the ransomware on the victim's system.

Malicious Email Attachments:
Ransomware can be hidden in email attachments, such as executable files, PDFs, or Office documents. Once the attachment is opened, the ransomware is unleashed.

Infected Websites:
Visiting compromised or malicious websites can lead to the automatic download and installation of ransomware. This often happens through exploit kits that take advantage of vulnerabilities in the user's browser or plugins.

Malvertising:
Malicious advertisements, or malvertisements, on legitimate websites can redirect users to sites that host ransomware. Clicking on these ads may trigger the download and installation of the ransomware.

Drive-By Downloads:
Ransomware can be delivered through drive-by downloads, where malware is automatically downloaded and installed on a user's device without their knowledge or consent when they visit a compromised website.

November 24, 2023