'.GSupport3 File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: November 11, 2016
Last Seen: September 10, 2021
OS(es) Affected: Windows

The '.GSupport3 File Extension' Ransomware has received attention because it is one of the numerous Globe Ransomware variants that have appeared since October 2016. First released in November, the '.GSupport3 File Extension' Ransomware carries out a typical ransomware attack to extract payments from its victims. Numerous variants of the '.GSupport3 File Extension' Ransomware are being distributed simultaneously, which makes the work of PC security analysts and security software substantially more difficult when it comes to defeating these threats. Like most other ransomware variants in this family, the '.GSupport3 File Extension' Ransomware is being distributed using corrupted spam email attachments and online ads. The '.GSupport3 File Extension' Ransomware receives its name because, after encrypting its victim's files, it adds the extension '.GSupport3' to the name of each encrypted file.

The Stages Involved in the '.GSupport3 File Extension' Ransomware Distribution

The '.GSupport3 File Extension' Ransomware uses a distribution method that involves several stages. The first stage involves computer users opening a corrupted file attachment contained in a spam email message. This document will exploit vulnerabilities in macro functionalities, allowing it to run a corrupted script that downloads and installs a file from a remote server. After this file is downloaded, the '.GSupport3 File Extension' Ransomware will be executed in the computer's memory, connecting to its Command and Control server and encrypting the victim's files. The '.GSupport3 File Extension' Ransomware will search the victim's hard drives for files under 50 MB that match a list of file extensions hard-coded into the threat. It will use a strong encryption method to encrypt the victim's files, making them inaccessible and taking them hostage. The '.GSupport3 File Extension' Ransomware tends to target media, photos, documents, and eBooks during its attack.

How the '.GSupport3 File Extension' Ransomware Demands Its Ransom Payment

To demand its ransom payment, the '.GSupport3 File Extension' Ransomware uses a method that has been associated with ransomware attacks since the summer of 2016: it delivers an HTA file named 'GLOBE.hta,' which does little to disguise the '.GSupport3 File Extension' Ransomware's relationship to the Globe Ransomware. The following is the full text of the '.GSupport3 File Extension' Ransomware ransom note:

'Your files are encrypted!
Your personal ID
[random characters]
Your documents, photos, databases, save games and other important data has been encrypted.
Data recovery is required decipher
To get the interpreter should send to goodsupport@india.com In a message write your personal identifier (you can find it in the beginning of this document).
next, you need to pay fo the interpreter. In a response letter you will receive the address of Bitcoin-wallet to which you want perform the transfer of funds in the amount of 0.8 bitcoin'

Do not Pay the '.GSupport3 File Extension' Ransomware Ransom

PC security researchers strongly advise against paying the '.GSupport3 File Extension' Ransomware's ransom. In many cases, con artists will simply ignore victims or even ask for more money. Most importantly, paying the '.GSupport3 File Extension' Ransomware's ransom allows these people to continue creating these threats and targeting additional vulnerable computer users. Instead, malware analysts recommend that computer users restore their files from a backup. Having reliable backups of all files and updating them regularly is the best protection against the '.GSupport3 File Extension' Ransomware and most other modern ransomware Trojans. This is because the '.GSupport3 File Extension' Ransomware and other ransomware are relatively simple to remove; simply use a reliable security program that is fully up-to-date. The strength of their attack lies in the fact that the victim's files will remain encrypted even if the '.GSupport3 File Extension' Ransomware is removed. Being able to restore the encrypted files from a backup easily and completely undoes the '.GSupport3 File Extension' Ransomware's attack, removing all the leverage that allows these people to demand enormous ransom payments from their victims. Caution when handling emails, a reliable security program, and backups of all files will, combined, make most computer users completely impervious to attacks like the '.GSupport3 File Extension' Ransomware.
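To scope a restore from backup, the two file-system indicators named above (the '.GSupport3' extension and the 'GLOBE.hta' note) can be swept for. The following Python sketch is an added example, not code from the original article; it assumes the extension is appended after the original file name and matched case-insensitively, and its function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: the appended extension and the HTA note name.
ENCRYPTED_SUFFIX = ".gsupport3"   # compared in lower case (assumption)
RANSOM_NOTE = "globe.hta"

def sweep(root):
    """Walk root; return encrypted files, ransom notes and original-type counts."""
    encrypted, notes, original_types = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                # Assumed layout: report.docx.GSupport3 -> original name report.docx
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                original_types[ext] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_types": dict(original_types)}

def restore_list(result):
    """Original paths (suffix stripped) to request from the backup system."""
    return [p[: -len(ENCRYPTED_SUFFIX)] for p in result["encrypted"]]

def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    for rel in ("docs/report.docx.GSupport3", "docs/notes.txt",
                "photos/a.jpg.gsupport3", "photos/GLOBE.hta",
                "books/novel.epub.GSupport3"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = sweep(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print(result["original_types"])
        for path in restore_list(result):
            print("restore:", path)
```

Run against a mounted copy of the affected volume rather than the live system, replacing the constructed sample tree with the real root path.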
