GPAA targets Windows OS and its distribution method is currently unknown. Once a system is infected, it will scramble the names of targeted files and append .cerber6 to the names of the newly encrypted files. GPAA also drops a ransom note named !READ.htm on the desktop and in every folder containing encrypted files. The ransom note tries to trick victims into believing the amount paid will be used to save impoverished children through a fictitious organization called the Global Poverty Aid Agency. The ransom demand for GPAA is 1.83 Bitcoin.

Associated Bitcoin addresses:

  • Bleeping Computer provides more information about GPAA here.
  • The NJCCIC is not currently aware of any free decryption tools available for GPAA, but victims may be able to restore data from Shadow Volume Copies.
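
The file-system indicators described in this profile (the .cerber6 extension and the !READ.htm note) can be used to scope which folders were affected on a host or file share. The script below is an added example, not NJCCIC or Bleeping Computer code; the function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".cerber6"  # extension named in this profile
RANSOM_NOTE = "!read.htm"      # note name from this profile, lower-cased for matching


def triage(root):
    """Walk root and group folders by which GPAA indicators they contain."""
    report = {"note_and_files": [], "files_only": [], "note_only": [], "encrypted": 0}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        names = [f.lower() for f in files]  # Windows file names are case-insensitive
        hits = sum(1 for n in names if n.endswith(ENCRYPTED_SUFFIX))
        has_note = RANSOM_NOTE in names
        if not hits and not has_note:
            continue
        report["encrypted"] += hits
        rel = Path(dirpath).relative_to(root).as_posix()
        if hits and has_note:
            report["note_and_files"].append(rel)
        elif hits:
            # Differs from the described behaviour (note in every affected folder).
            report["files_only"].append(rel)
        else:
            # Note without encrypted files, as the profile describes for the desktop.
            report["note_only"].append(rel)
    for key in ("note_and_files", "files_only", "note_only"):
        report[key].sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real artefacts."""
    layout = {
        "Desktop": ["!READ.htm"],
        "Documents": ["!READ.htm", "a8f3kq.cerber6", "zz91xm.CERBER6", "notes.txt"],
        "Pictures": ["q7w2e.cerber6"],
        "Music": ["song.mp3"],
    }
    for folder, files in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in files:
            (Path(root) / folder / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Folders listed under files_only or note_only are the ones to compare against backups or Shadow Volume Copies first, since they do not match the note-plus-encrypted-files pattern.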