Gendarmerie Ransomware–Threat In Detail
Gendarmerie is a file-encrypting crypto-virus that is a variant of HiddenTear open-source project. This ransomware detected encrypts files on the targeted computer system and append “.Hacking” extensions to the encrypted files. Gendarmerie ransomware leaves a random note in french named as “Message_Important.txt” after encrypting the files and instructs user on how to proceed with the payment process. In any such case, paying ransom is not recommended and users are urged to try restoring the files through other means.
|Description||Gendarmerie Ransomware encrypts files, videos, images and texts stored on the target PC and demand a ransom amount from users to decode the files.|
|Occurrence||spam mail attachments., exploit kits, malicious links and java script codes..|
|Possible Symptoms||The ransom note can be seen on desktop and other file directories and files could not be accessible.|
|Detection Tool||Download the Detection tool– To confirm attack of Gendarmerie Ransomware virus on your computer.|
Gendarmerie Ransomware is distributed through spam mail attachment as a malicious script containing the payloads of the malware which if executed by the user could install the threat onto the computer system. Many cyber-criminals uses spam techniques to trick users by heading the mail as any invoice or shipment. Other sources might include visiting infected websites containing java script codes, exploit kits and spam bots. As you open the document or click the link, the payloads of Gendarmerie Ransomware named as gendarmerie_crypter gets downloaded on the system and installed without any user’s permission. If the user open/execute this file on their device, then the virus gets installed and your PC will become infected with Gendarmerie file-encrypting Ransomware threat.
More about Gendarmerie Ransomware
Gendarmerie Ransomware is a file-encrypting program that searches for important files on the victim’s PC and renders them non-accessible to users. And further ask users to pay the ransom to get the decryption key and unlock the files.
The ransomware changes the windows Registry entries to launch each time the window’s starts and takes up huge system resources to encrypt the files. Gendarmerie Ransomware drops file named as: “Message_Important.txt”
The files contains the ransom note and instructions for users on how to contact the authors of the ransomware and get their files back.
The ransom Note says:
instruction à faire pour récupérer la clé de décryptage de vos fichiers crypter
email de contact : email@example.com
1) acheter des coupons neosurf de 100€ ,euros .
2) vous pouvez acheter les coupons neosurf ici https://www.recharge.fr/carte-neosurf
3) vous pouvez aussi acheter les coupons neosurf ici https://www.neosurf.com/fr_FR ou dans les bureaux de tabac
4) dès que je reçois les coupons neosurf ,je vous envoie la clé de décryptage par email.
Contact Email : firstname.lastname@example.org
The ransom note by Gendarmerie virus states that your documents has been encrypted and you need to pay a ransom in Bitcoins to get back your files. The ransom demands varies for the user and the victims should contact with the provided email address as soon as possible.
List of file extension encrypted
→.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb.sln.php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp
Gendarmerie Ransomware uses AES encryption algorithm to encrypt data and appends .Hacking extensions to it. The crypto-malware ensures that the user could be able to recover the files from shadow volume copies, so it deletes the files by executing the command
→vssadmin.exe delete shadows /all /Quiet