How GIBON Ransomware Created a Benchmark for Response Time


We all remember WannaCry and Petya. How could you forget them? Their rampant spread and malicious maneuvers are burned into memory. But there was one upside to the nasty ransomware campaigns – we learned from them. We adapted and we got agile. So when GIBON ransomware came into town, we were ready to rumble.

Meet GIBON: a new ransomware strain currently for sale on dark web forums for $500 USD. (It gets its name from the user agent string “GIBON” that the malware uses when it connects to its command-and-control (C&C) server, and from the ransomware’s administration panel, where it calls itself “Encryption Machine GIBON.”)

It makes its way from forums to victims’ devices through phishing emails containing macros that download and execute the malware payload on a victim’s PC. Then GIBON connects to the C&C server and passes along a base64-encoded string with a timestamp, which is registered in order to record the new victim. Following that, it generates an encryption key and begins locking up any file it can find on the device, only to return them for, of course, a fee paid in cryptocurrency. Once every file is encrypted, the strain reports back to the boss, letting the C&C server know it’s finished so the server can timestamp the event and record the number of files encrypted. Simple enough.

GIBON, like many ransomware strains, proves that these attacks don’t have to be very complicated in order to be effective. However, that effectiveness has dwindled in recent attack campaigns. In fact, a decryptor is already available for GIBON — which represents a benchmark for our response time to these attacks.

Christiaan Beek, lead scientist and principal engineer at McAfee, says response time is only improving. “The cybersecurity world is indeed responding faster than before, especially after WannaCry, which was another wake-up call… The moment researchers see that a decryptor is available, we go on and continue to hunt down the next one or learn from the previous ones and start innovating or fine-tuning our products.” Beek continues, “Ransomware has sparked and forced the infosec industry to think and innovate about solutions more than other malware-related threats.”

Basically, the industry now more than ever is expediting how cybersecurity professionals adapt to threats and how quickly they apply learnings to the next go around. White hats are becoming faster in the race against cybercrime, and increasing their chances of eventually getting ahead of these threats.

That’s exactly why we created McAfee Ransomware Recover (Mr2), a new ransomware decryption framework that allows for the rapid incorporation of decryption keys and custom decryption logic (when they become available) and gets help to victims of ransomware a lot quicker. That way, we can continue to combat these threats quickly and effectively, and put ourselves in the best position possible to win the fight against cybercrime.

To learn more about GIBON ransomware, and others like it, be sure to follow @McAfee and @McAfee_Labs on Twitter.
