
GPAA Ransomware is a ransomware using Cerber v6 on Microsoft Windows.

Summary

When run, this ransomware encrypts files and leaves a ransom note, an HTML file, in every folder. In the ransom note, the malware claims to be part of the 'Global Poverty Aid Agency' and asks the user for Bitcoin to decrypt the files.

It claims that once 1000 Bitcoins (around $2.7 million USD at the time of the release of the ransomware) have been collected, a decryption key will be sent to a certain email address, which can be claimed with a provided password.

Transmission

This ransomware is able to spread through infected emails, BitTorrent, and compromised websites. According to Enigma Software, 98 computers have been infected.

Ransom Note

The Bitcoin cost can vary on different computers.

Congradulations! Now you are a member of GPAA(Global Poverty Aid Agency).
We need bitcoins,our crowdfunding goal is to get 1000 BTCs. 1 BTC for 1 CHILD!


>> Click Here To Buy Bitcoins <<

Q: What happened?
A: Ooops, your important files are encrypted.It means you will not be able to access them anymore until they are decrypted.
These files could NOT be decrypted if you do not have the KEY(RSA4096).

Q: How can I get the decrypt programme?
A: Your task is    <bitcoin> btc.
Send the correct amount to the bitcoin address 
19ZLfCEpxdskvWGLLhNUnM6dUG7yikhz2W
You can send more coins.When the goal is achieved,you will get the decrypt programme.
Use your phone to pay it


Q: Where to get the decrypt programme?
A: When the goal is achieved,we will send it to sc19ZLfCEpxdskvWGLLhNUnM6dUG7yikhz2W@outlook.com 
(You may register it first with the specified password: Save1000Children!!! ).

Q: What should I do?
A: Time waits for no man.

Information

SHA256 hash:

7c5849d841df34c7e2da3447d2005b5cdc6b8207fa55ee0935ee0eed3f5c8285

Associated Bitcoin address:

19ZLfCEpxdskvWGLLhNUnM6dUG7yikhz2W

Targeted file types:

.123, .3dm, .3dmap, .3ds, .3dxml, .3g2, .3gp, .602, .7z, .accdb, .act, .aes, .ai, .arc, .asc, .asf, .asm, .asp, .assets, .avi, .backup, .bak, .bat, .bdf, .blendl, .bmp, .brd, .bz2, .c, .c4dl, .catalog, .catanalysis, .catdrawing, .catfct, .catmaterial, .catpart, .catprocess, .catproduct, .catresource, .catshape, .catswl, .catsystem, .cdd, .cgm, .class, .cmd, .config, .cpp, .crt, .cs, .csr, .csv, .dae, .db, .dbf, .dch, .deb, .der, .dif, .dip, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .edb, .eml, .fbx, .fla, .flv, .frm, .gif, .gl, .gl2, .gpg, .gz, .h, .hpgl, .hwp, .ibd, .icem, .idf, .ig2, .igs, .ipt, .iso, .jar, .jasl, .java, .jpeg, .jpg, .js, .jsp, .key, .lay, .lay6, .ldf, .library, .m3u, .m4u, .mal, .max, .maxl, .mb, .mdb, .mdf, .mid, .mkv, .mml, .model, .mov, .mp3, .mp4, .mpeg, .mpg, .msg, .myd, .myi, .nef, .obj, .odb, .odg, .odp, .ods, .odt, .onetoc2, .ost, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .pfx, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps, .ps1, .psd, .pst, .rar, .raw, .rb, .rtf, .sch, .session, .sh, .sldm, .sldx, .slk, .sln, .snt, .sql, .sqlite3, .sqlitedb, .stc, .std, .step, .sti, .stp, .stw, .suo, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tdg, .tgz, .tif, .tiff, .txt, .unity3d, .uop, .uot, .vb, .vbs, .vcd, .vdi, .vmdk, .vmx, .vob, .vsd, .vsdx, .wav, .wb2, .wk1, .wks, .wma, .wmv, .wrl, .xl, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip, .xmind, 
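
The indicators above can be turned into a simple triage sweep. The following is an added example, not part of the original article: it walks a directory tree, flags folders that hold an HTML ransom note containing the Bitcoin address or the agency string, and reports any file whose SHA-256 matches the listed hash. The note's filename and encoding are not given on this page, so the extension list and the ASCII/UTF-16LE matching are assumptions.

```python
import hashlib
import os
import sys

# Indicators copied from this page.
SAMPLE_SHA256 = "7c5849d841df34c7e2da3447d2005b5cdc6b8207fa55ee0935ee0eed3f5c8285"
NOTE_STRINGS = ("19ZLfCEpxdskvWGLLhNUnM6dUG7yikhz2W", "GPAA(Global Poverty Aid Agency)")
# Assumption: the page gives no note filename, so match any HTML-like file by content.
NOTE_EXTS = (".html", ".htm", ".hta")
# Assumption: the note's encoding is not stated, so search as ASCII and as UTF-16LE.
MARKERS = [s.encode(enc) for s in NOTE_STRINGS for enc in ("ascii", "utf-16-le")]


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, max_note_size=1 << 20):
    """Return (folders holding a GPAA note, paths whose SHA-256 matches the sample)."""
    note_folders, sample_paths = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower().endswith(NOTE_EXTS):
                    if os.path.getsize(path) <= max_note_size:
                        with open(path, "rb") as fh:
                            data = fh.read()
                        if any(marker in data for marker in MARKERS):
                            note_folders.add(dirpath)
                elif sha256_of(path) == SAMPLE_SHA256:
                    sample_paths.append(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep sweeping
    return sorted(note_folders), sample_paths


if __name__ == "__main__":
    folders, samples = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder in folders:
        print("ransom note in:", folder)
    for sample in samples:
        print("sample binary:", sample)
```

Because the note is dropped in every folder, the list of flagged folders approximates which directories the ransomware reached.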
