GPAA Ransomware - Ransom or Donation?

GPAA Ransomware - Ransom or Donation?

GPAA is a ransomware using Cerber v6 on Microsoft Windows.



This ransomware is able to spread through infected emails, BitTorrent, and compromised websites. According to Enigma Software, 98 computers have been infected.


This ransomware, when run, will encrypt files and leave the 'ransom note' which is an HTML, in every folder. In the ransom note, the malware will claim to be part of the 'Global Poverty Aid Agency', and will ask the user for Bitcoin to decrypt the files. 

It claims that once 1000 Bitcoins (around $2.7 million USD at the time of the release of the ransomware) have been achieved, a decryption key will be sent to a certain email, which can be claimed with a provided password. 

The Bitcoin cost can vary on different computers.

Congradulations! Now you are a member of GPAA(Global Poverty Aid Agency).
We need bitcoins,our crowdfunding goal is to get 1000 BTCs. 1 BTC for 1 CHILD!

>> Click Here To Buy Bitcoins <<

Q: What happened?
A: Ooops, your important files are encrypted.It means you will not be able to access them anymore until they are decrypted.
These files could NOT be decrypted if you do not have the KEY(RSA4096).

Q: How can I get the decrypt programme?
A: Your task is    <bitcoin> btc.
Send the correct amount to the bitcoin address 
You can send more coins.When the goal is achieved,you will get the decrypt programme.
Use your phone to pay it

Q: Where to get the decrypt programme?
A: When the goal is achieved,we will send it to 
(You may register it first with the specified password: Save1000Children!!! ).

Q: What should I do?
A: Time waits for no man.

It targets the following file types:

.123, .3dm, .3dmap, .3ds, .3dxml, .3g2, .3gp, .602, .7z, .accdb, .act, .aes, .ai, .arc, .asc, .asf, .asm, .asp, .assets, .avi, .backup, .bak, .bat, .bdf, .blendl, .bmp, .brd, .bz2, .c, .c4dl, .catalog, .catanalysis, .catdrawing, .catfct, .catmaterial, .catpart, .catprocess, .catproduct, .catresource, .catshape, .catswl, .catsystem, .cdd, .cgm, .class, .cmd, .config, .cpp, .crt, .cs, .csr, .csv, .dae, .db, .dbf, .dch, .deb, .der, .dif, .dip, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .edb, .eml, .fbx, .fla, .flv, .frm, .gif, .gl, .gl2, .gpg, .gz, .h, .hpgl, .hwp, .ibd, .icem, .idf, .ig2, .igs, .ipt, .iso, .jar, .jasl, .java, .jpeg, .jpg, .js, .jsp, .key, .lay, .lay6, .ldf, .library, .m3u, .m4u, .mal, .max, .maxl, .mb, .mdb, .mdf, .mid, .mkv, .mml, .model, .mov, .mp3, .mp4, .mpeg, .mpg, .msg, .myd, .myi, .nef, .obj, .odb, .odg, .odp, .ods, .odt, .onetoc2, .ost, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .pfx, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps, .ps1, .psd, .pst, .rar, .raw, .rb, .rtf, .sch, .session, .sh, .sldm, .sldx, .slk, .sln, .snt, .sql, .sqlite3, .sqlitedb, .stc, .std, .step, .sti, .stp, .stw, .suo, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tdg, .tgz, .tif, .tiff, .txt, .unity3d, .uop, .uot, .vb, .vbs, .vcd, .vdi, .vmdk, .vmx, .vob, .vsd, .vsdx, .wav, .wb2, .wk1, .wks, .wma, .wmv, .wrl, .xl, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip, .xmind, 


Community content is available under CC-BY-SA unless otherwise noted.