Need The Best IT Services In Colorado Springs?

Call Us Today!

(719) 355-2440

Published On: November 6, 2017 by CCS

GIBON is a new type of ransomware that first emerged on the scene last week and has since been utilized in a wide range of cyber-attacks. The main way this GIBON-variant is spread is by malspam with an attached malicious document, which contain macros that will download and install the ransomware on a computer. This means that through phishing emails, users are tricked or induced into opening a file containing the ransomware, called GIBON after a phrase that appears several times in the code. If the user follows through and opens the attached file, the ransomware then takes over.


We are still working to discover all the details on how GIBON is distributed, we do know that when it is first started, it will connect to the Command and Control Server for the ransomware register a new victim by sending a base64 encoding string with the timestamp, the register string, the version of Windows. Basically, this means it is telling Command Central that your computer is a new victim and has not been infected before.

Once it has locked into your system, it begins to encrypt all your files, regardless of extension. Only the Windows folder is safe. For each file that is encrypted, it will make a READ_ME_NOW.txt file, providing instructions for what you should do and how to get your files back. It instructs the victim to send emails to or subsidiary: for instructions on payment.

The good news is that there is a decryptor available from to counter this version of ransomware. You still want to be vigilant in protecting yourself and your data on a daily basis. Some things to remember are:

  • Backup that data. You can never backup too often.
  • If you don’t who is sending an attachment, don’t open it.
  • If it appears to be from someone you know, verify that they sent you one before opening.
  • Install Windows updates as soon as you see them available. They are there for a reason.
  • Make sure you are using passwords and don’t use the same password on multiple sites or more than once.

Unfortunately, no matter how strong the security solutions, attacks will continue to slip through the cracks. Therefore, MSPs and MSSPs who are looking to fully-protect their clients must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backup solutions as the ultimate failsafe against successful attacks. Your data is important, don’t let some hacker take it away.

Certified and Verified Service-Disabled Veteran-Owned Small Business (SDVOSB)

Colorado Computer Support is a local IT company certified and verified service-disabled veteran-owned Small Business. When you use our IT services in Colorado Springs, you can be confident that you are dealing with a Colorado Springs company owned by a disabled veteran and that they will be able to provide you with the best possible IT support.
Skip to toolbar