Warning: Dangerous New Ransomware Attacks


November 6, 2017

GIBON is a new type of ransomware that first emerged on the scene last week and has since been utilized in a wide range of cyber-attacks. The main way this GIBON variant is spread is by malspam with attached malicious documents, which contain macros that will download and install the ransomware on a computer. In other words, phishing emails trick or induce users into opening a file that delivers the ransomware, which is called GIBON after a phrase that appears several times in the code. If the user follows through and opens the attached file, the ransomware then takes over.


We are still working to discover all the details on how GIBON is distributed, but we do know that when it is first started, it connects to the ransomware's Command and Control server and registers a new victim by sending a base64-encoded string containing the timestamp, the register string, and the version of Windows. Basically, this means it is telling Command Central that your computer is a new victim and has not been infected before.

Once it has locked into your system, it begins to encrypt all your files, regardless of extension. Only the Windows folder is safe. For each file that is encrypted, it will make a READ_ME_NOW.txt file, providing instructions for what you should do and how to get your files back. It instructs the victim to send emails to [email protected] or subsidiary: [email protected] for instructions on payment.
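The note-dropping behavior described above gives responders a simple way to scope an incident. The following Python is an added example, not code from the original post: it walks a directory tree, lists the folders that contain a READ_ME_NOW.txt note, and reports the earliest and latest note timestamps. Treating a note's modification time as the approximate time that folder was hit is an assumption, and the sample tree and timestamps are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "READ_ME_NOW.txt"  # ransom note filename given in the article


def triage_ransom_notes(root):
    """Summarise where ransom notes were dropped under `root`."""
    affected, mtimes, scanned = set(), [], 0
    for dirpath, _dirs, filenames in os.walk(root):
        scanned += 1
        for name in filenames:
            # Case-insensitive match, as on Windows filesystems.
            if name.lower() != NOTE_NAME.lower():
                continue
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # note removed or unreadable mid-scan
            affected.add(os.path.relpath(dirpath, root))

    def utc(ts):
        return datetime.fromtimestamp(ts, tz=timezone.utc)

    return {
        "affected_dirs": sorted(affected),
        "dirs_scanned": scanned,
        "first_note_utc": utc(min(mtimes)) if mtimes else None,
        "last_note_utc": utc(max(mtimes)) if mtimes else None,
    }


def make_sample_tree(root):
    """Constructed sample data: two folders with notes, one without."""
    layout = {"Documents": 1509900000, "Pictures": 1509900120, "Windows": None}
    for folder, note_time in layout.items():
        os.makedirs(os.path.join(root, folder))
        if note_time is not None:
            note = os.path.join(root, folder, NOTE_NAME)
            with open(note, "w") as fh:
                fh.write("constructed placeholder note\n")
            os.utime(note, (note_time, note_time))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for key, value in triage_ransom_notes(tmp).items():
            print(f"{key}: {value}")
```

The earliest timestamp is a reasonable starting point when picking which backup to restore from, since backups taken after it may already contain encrypted files.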

The good news is that there is a decryptor available from BleepingComputer.com to counter this version of ransomware. You still want to be vigilant in protecting yourself and your data on a daily basis. Some things to remember are:

  • Back up that data. You can never back up too often.
  • If you don’t know who is sending an attachment, don’t open it.
  • If it appears to be from someone you know, verify that they sent you one before opening.
  • Install Windows updates as soon as you see them available. They are there for a reason.
  • Make sure you are using passwords and don’t use the same password on multiple sites or more than once.

Unfortunately, no matter how strong the security solutions, attacks will continue to slip through the cracks. Therefore, MSPs and MSSPs who are looking to fully protect their clients must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backups as the ultimate failsafe against successful attacks. Your data is important. Don’t let some hacker take it away.

We're Integris. We're always working to empower people through technology.
