Tuesday, November 21, 2017

Gibon Ransomware Analysis

TLP AMBER ANNOUNCEMENT:
 
Wapack Labs analysts recently observed a handful of Gibon malware samples in the wild and are providing this report in the event the malware becomes more widespread. Gibon is a new ransomware family, named for its USER-AGENT and for the name that appears in the specimen’s ASCII strings. The malware was originally marketed on May 11 and 12 on several hacker forums for $500. Advertised functionality includes recursive encryption of all files on the computer, a README.txt file with instructions to the victim, and encryption/decryption keys that are sent to the admin panel and used for decryption. It is delivered via spam emails with a link to download a Microsoft Word document...

Wapack Labs has cataloged and reported on ransomware variants in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

This TLP AMBER report is available only to Red Sky Alliance members.