A new ransomware modification dubbed GIBON is now reportedly being sold by cybercriminals on the dark web for $500 (£380). The ransomware was uncovered last week and was reportedly found actively being distributed via a phishing campaign.
GIBON functions like any other traditional ransomware, encrypting victims’ data and demanding a ransom. An advert for the ransomware on the dark web allegedly claims that it is impossible to decrypt. However, this is not true. Fortunately, a decryptor for GIBON is already available, Bleeping Computer has reported.
Cybercriminals allegedly began selling GIBON in May. However, apart from last week’s campaign, there appears to be little activity. This suggests that the ransomware may not have been sold to many people. The ransomware may have ties to Russia, ZDNet reported. GIBON’s logo is reportedly based on a logo design of a Russian television firm.
The instructions to victims on how to go about making ransom payments also include directions to contact a bunch of Russian (mail.ru) email addresses. Bleeping Computer reported that the advertisement for GIBON is also available in Russian, alongside translated copies. This indicates that the ransomware’s operators may be Russian.
In the wake of the recent historic takedown of AlphaBay and Hansa, two of the largest and most prominent dark web markets, the underground cybercrime community appears to be devolving. Some dark web administrators, in the Russian cybercrime community in particular, have previously expressed concerns over the increased attention the dark web now appears to get from law enforcement authorities. Last month, four major dark web markets including Dream Market and Tochka went mysteriously offline, sparking fears of a potential police crackdown.