GHAS Ransomware Joins the Ever-Growing STOP/Djvu Ransomware Family
Since its discovery in 2018, the infamous STOP/Djvu Ransomware family has continually released new variants, quickly becoming one of the world’s most prominent ransomware gangs. GHAS Ransomware has been uncovered by malware researchers as yet another strain from the group. It is referred to as GHAS based on the ‘.GHAS’ extension it appends to the infected files. The ransomware operates like its counterparts from the STOP/Djvu group and encrypts files before making a ransom demand.
GHAS Ransomware scans a victim’s computer to look for the file formats it is programmed to encrypt. It then targets the files potentially containing valuable information, including databases, spreadsheets, archives, pictures, and videos. Additionally, the GHAS Ransomware operators deliver a ransom note with information about the ransomware and the hackers’ ransom demands.
The Ransom Demand Associated with GHAS Ransomware
GHAS Ransomware’s operators promise a decryption key to unlock the affected files in exchange for $980. However, they offer a 50% discount if victims establish communication within 72 hours after encryption. The ransom note also urges users to contact the criminals via manager@mailtemp.ch or helpmanager@airmail.cc. GHAS Ransomware’s operators also offer to decrypt one file for free to show they can unlock all the affected files.
How Do I Deal with a GHAS Ransomware Attack?
Although cooperating with hackers seems like an easy way out of this situation, we strongly advise victims not to engage with them. It is better to employ reputable malware remediation software to scan for and remove GHAS Ransomware. To prevent data loss in the case of another ransomware attack, please consider backing up your data on an external hard drive or virtual cloud storage.
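The following Python triage script is an added example, not part of the original article: it inventories files carrying the appended ‘.GHAS’ extension so a responder knows which originals to restore from backup and roughly when the encryption ran. The function names and sample file names are constructed for illustration, and the time window assumes file modification times were not altered afterwards.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".ghas"  # extension the article says is appended; matched case-insensitively


def inventory(root):
    """Walk root and return (affected, by_type, first_seen, last_seen).

    affected: list of (encrypted_path, original_name) pairs
    by_type:  Counter keyed by the original extension, e.g. '.xlsx'
    first_seen / last_seen: UTC mtimes bounding the affected files
    """
    affected, by_type, mtimes = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip clean files and a file literally named ".ghas"
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or unreadable: skip, do not abort
            original = name[: -len(MARKER)]
            mtimes.append(mtime)
            affected.append((path, original))
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    if not mtimes:
        return affected, by_type, None, None
    first = datetime.fromtimestamp(min(mtimes), tz=timezone.utc)
    last = datetime.fromtimestamp(max(mtimes), tz=timezone.utc)
    return affected, by_type, first, last


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for an affected volume."""
    for rel in ["q3.xlsx.GHAS", "db/customers.sqlite.GHAS", "pics/cat.jpg.ghas",
                "notes.txt", "db/README"]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, kinds, first, last = inventory(tmp)
        for enc, orig in sorted(hits):
            print(f"{enc} -> restore as {orig}")
        print(dict(kinds), first, last)
```

Run it against a read-only copy or mounted image of the affected volume so the inventory itself does not change any timestamps.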