Gyza Ransomware Locks Systems
The ransomware variant known as Gyza, identified through an analysis of new malware samples, is connected to the Djvu family. Gyza encrypts files, adds a specific extension, and delivers a ransom note named "_readme.txt."
Significantly, it alters filenames by appending the ".gyza" extension, transforming, for instance, "1.jpg" into "1.jpg.gyza" and "2.png" into "2.png.gyza." Given its affiliation with the Djvu family, there's a notable possibility that Gyza is distributed alongside information stealers such as Vidar or RedLine.
The ransom note declares the encryption of various files, including images, databases, and essential documents. Victims are directed to acquire a decryption tool and a unique key to restore access to their files. The note provides reassurance by allowing victims to submit one encrypted file for a complimentary decryption if the file lacks valuable information.
Obtaining the private key and decryption software comes with a price tag of $980, but there's a 50% discount offered if victims contact the attackers within the initial 72 hours, reducing the cost to $490. Victims can communicate with the cybercriminals through the provided email addresses: support@freshmail.top and datarestorehelp@airmail.cc.
Table of Contents
Gyza Ransom Note in Full
The complete text of the Gyza ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-CDZ4hMgp2X
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can You Protect Your Data from Ransomware?
Protecting your data from ransomware requires a combination of proactive measures and ongoing vigilance. Here are several steps you can take to safeguard your data:
Backup Regularly:
Frequently back up your important data to an external hard drive, cloud storage, or a secure offline backup. Ensure that your backup is not directly accessible from the network to prevent ransomware from infecting it.
Update Software:
Keep your operating system, antivirus software, and all applications up to date. Regularly applying security patches helps protect against vulnerabilities that ransomware might exploit.
Use Antivirus and Anti-Malware Software:
Install reputable antivirus and anti-malware software and keep it updated. These tools can help detect and prevent malicious software, including ransomware, from infecting your system.
Educate Employees or Family Members:
Train everyone who uses your computer network about the dangers of phishing emails, suspicious links, and the importance of not downloading attachments from unknown sources.
Exercise Caution with Emails:
Be cautious when opening emails, especially those with attachments or links. Verify the sender's identity, and avoid clicking on links or downloading attachments from unknown or suspicious sources.
Use Email Filtering:
Implement email filtering solutions to block or filter out emails with malicious attachments or links. This can reduce the likelihood of users accidentally activating ransomware.