Gwisin ransomware has been increasing the number of its attacks around the world. Asian countries, such as Korea, have been the target of an unprecedented wave of Gwisin ransomware attacks.
Unlike other ransomware, Gwisin chooses and studies its victims very carefully. Each of them unknowingly undergoes a detailed analysis before being attacked.
Gwisin ransomware is distributed in MSI installation file format and then the means of spreading the virus becomes customized for each victim. This is exactly why it takes time to study the target before the attack.
Able to infect both Windows and Linux operating systems, Gwisin has spooked experts by its rather high infection speed. The support for file encryption even without safe mode has also caught the attention of experts.
Once the encryption process is complete, the infected files gain an extension with the company’s own name.
The operatives then leave a ransom note called “Restore-My-Files.txt” in the environment. In the same file, the victim will find the step-by-step instructions to contact the group responsible for the attack and recover their data. The amount of the ransom will also be mentioned, usually ranging around 0.005BTC (approximately $120.00USD).
Although many victims will agree to pay the ransom, this is not recommended practice as hackers are criminals who offer no real guarantees for the return of stolen data.
After suffering an attack, a company or institution needs to be very well monitored. For this, you can count on Digital Recovery.
Digital Recovery is a data recovery company with an experience of over 23 years in the market. Our experts have developed innovative ways to recover data encrypted by ransomware.
Our solutions allow us to recover files that have been encrypted on databases, servers, storage devices, RAID systems, virtual machines and other systems.
All these solutions can also be executed remotely and adopted quickly and securely in any company in the world.
Knowing that confidentiality is essential for any organisation that has been hacked, we have established a confidentiality agreement (NDA) that we make available to all our clients.
We can begin the recovery process immediately; simply call us and request an advanced diagnostic.