2012-05-16 - Evolution

Gimemo wants to play in the big league

Looks like guy(s?) behind Gimemo (aka Gema / GVU / Sacem etc...)

German ransom page as of may 2012 (ukash / 100€)

See Gimemo page on botnets.fr for more screenshots

want to reach the big league where Goldenbaks

The UK Ransom landing for "Goldenbaks" as of end of february 2012

(see Goldenbaks page on Botnets.fr, The “Police Trojan” (Trendmicro) , Police Trojan Crosses the Atlantic, Now Targets USA and Canada (Trendmicro) ) is trying to play the game with the prolific Reveton/Foreign (see Reveton page on Botnets.fr )

US landing for "Reveton" as of may 2012 after switching from PaysafeCard to Moneypak

Already targetting population of 6 countries in Europe, they have now added
Greece

Spain (sgae)

Italy (SIAE)

Portugal (SPAUTORES)

Belgium (SABAM)

SABAM Belgium (05/2012)

Canada is here :

Canada page (16-05-2012)

Sweden :

Sweden page (16/05/2012)

to their Ransom Art. They have also double the Ransom amount (50 -> 100) and added the Ukash option for Germans.

German page February/Mars

German page 25th of March till yesterday

German page today (Ukash, 100€)

We can expect that next step is adding Ukash for all the targetted countries where it's available and maybe adding specific redirection for Finland and US as Reveton is already doing.

For a technical description of Gimemo take a look at Ransomware Gets Professional, Targeting Switzerland, Germany And Austria (Abuse.ch) (note that the countries mentionned there were already targetted since beginning of march).

For malware hunter guys :

2645a5c76f191af0b33e4ad475004b31 -> partner3_2
84c4de6df97e2e7c70a1dec511a0d732 -> partner3_2
d1f3c1efbc75d4cdc53241d85cbb8caf -> partner3_2
7a298eddec2944d13ebb341fbd105bab -> unser4
0f87746a40610df632e00ed9359fc1ab -> partner4
03eefeabff651af449f1a639d00a435c -> unser4
c98493cd520c2a8a436f78570526dca7 --> partner3_2

Edit : Added Belgium, Sweden, Canada