All you need to know about GIBON ransomware

Proofpoint researcher Matthew Mesa discovered a new ransomware called GIBON. This ransomware is currently being distributed via malspam with an attached malicious document. Malware spam, or malspam, is malware that is delivered via email messages.


GIBON ransomware distributed by emails

Email has proven to be a highly valuable and highly successful vector for installing malware on the computers of unsuspecting users. The documents attached to this malspam contain macros that will download and install the ransomware on a computer.

GIBON ransomware will encrypt files and append the .encrypt extension to the file name. For example, a file called test.jpg would be encrypted and named as test.jpg.encrypt.

While encrypting the computer, it will target all files regardless of their extension, as long as they are not in the Windows folder. It will also drop a ransom note named READ_ME_NOW.txt in each folder where a file is encrypted.

The ransom notes are currently using the emails: [email protected] & subsidiary:[email protected]

It is currently not known how much ransom the developers are demanding, but the good news is that this ransomware may be decryptable.
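The artifacts described above (the .encrypt suffix and a READ_ME_NOW.txt note in each affected folder) can be used to triage a disk or file share after a suspected infection. The following Python script is an added example, not code from the original article or from Proofpoint; the function names, the high/low confidence labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "READ_ME_NOW.txt"  # ransom note name given in the article
ENC_SUFFIX = ".encrypt"        # extension the article says GIBON appends


def scan_tree(root):
    """Return {relative folder: finding} for folders showing the described artifacts."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENC_SUFFIX))
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if not encrypted and not has_note:
            continue
        findings[os.path.relpath(folder, root)] = {
            # Both artifacts together match the article; one alone is weaker evidence.
            "level": "high" if encrypted and has_note else "low",
            "note": has_note,
            "encrypted": encrypted,
            # Original names, for matching against backups during restore.
            "originals": [f[: -len(ENC_SUFFIX)] for f in encrypted],
        }
    return findings


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["test.jpg.encrypt", "report.docx.encrypt", "READ_ME_NOW.txt"],
        "clean": ["notes.txt", "photo.png"],
        "tools": ["backup.encrypt"],  # suffix only, no note
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for folder, info in sorted(demo().items()):
        print(folder, info["level"], info["originals"])
```

To scan a real location, call `scan_tree` with the path of the drive or share; folders reported as "low" need manual review because the .encrypt suffix alone is not unique to GIBON.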

How to prevent & protect your computer against GIBON ransomware:

2017 is almost over, and it has definitely taught us that ransomware is here to stay and is only getting worse. It is therefore important that every computer user, whether at home or in the enterprise, understands how to prevent ransomware and how to harden and protect their computer against it.

  • Never download or view attachments from unknown senders. Always treat attachments from known senders as possibly suspicious unless the information has been directly solicited.
  • Never execute executable files. Even if the document advises otherwise, don’t enable macros within Office products. If in doubt, contact the sender before opening the attachment to inquire further.
  • Invest in a good cloud backup strategy with a long restore window because backups on local and network storage could be encrypted.
  • Install an antimalware solution that has ransomware behavior detections.
  • Always install operating system updates. Microsoft releases security updates on Patch Tuesday, which is the second Tuesday of every month, so be prepared to install the updates and reboot your computer on that day.
  • Enable the viewing of file extensions to make it harder for malware developers to trick you into launching their programs.
  • Free downloads from the Internet may also come with a hidden ransomware surprise. So, when downloading programs it is important that you only download from sites that you trust and always read the license agreements.
  • Make sure you use strong passwords to protect your computer from unauthorized access. The goal is to make it hard for attackers, so do not use an easy password like 12345 and instead use a hard one like 1$!4L349dI1%.



Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity
