
Golden Ransomware

Posted: August 13, 2018

The Golden Ransomware is a Trojan that blocks your screen with a text-based ransoming message and may launch additional attacks, such as deleting backups or encrypting your media. This threat's development is ongoing, and its infection methods may include fake e-mail attachments, brute-force attacks for cracking logins, exploit kits, or file-sharing networks. Keep your backups on other devices for optimal safety and use appropriate anti-malware programs to uninstall the Golden Ransomware.

A Trojan that Glitters isn't Always Gold

When threat actors opt to design Trojans of their own, instead of renting a Ransomware-as-a-Service family or exploiting 'free' programs like Hidden Tear, the results often arrive incrementally rather than all at once. These circumstances typically create 'file-locking' Trojans, such as the Golden Ransomware, that omit the locking portion of their payload until later in development. Its intentions as a file-ransoming threat are self-evident, but, so far, malware experts are only seeing attacks from it that block the victim's screen.

Samples of the Golden Ransomware's executable are circulating in threat databases under the name 'FABGolden.exe,' although future versions are likely to change to less conspicuous names, such as 'svchost.exe' or 'explorer.exe' (traditional choices for Trojans that disguise themselves as parts of Windows). The Golden Ransomware includes a self-hibernating feature to avoid any active security software that could detect it as a threat, and it hijacks the Registry to launch itself with Windows.
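An autorun audit for the two indicators described above, as an added example that is not part of the original article: it flags startup entries that launch 'FABGolden.exe', or that launch 'svchost.exe' or 'explorer.exe' from outside their normal Windows directories. The startup entries are constructed sample data (the article does not say which Registry key the Trojan uses), and the C:\Windows install location is an assumption.

```python
import ntpath  # Windows path rules, usable on any OS

# File name the article reports for current samples.
KNOWN_SAMPLE_NAMES = {"fabgolden.exe"}

# System binaries the article names as likely disguises, mapped to the
# directories they legitimately live in (assumes Windows is in C:\Windows).
LEGIT_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Constructed (label, command line) pairs, shaped like startup entries
# exported from a machine under review. Not taken from a real sample.
SAMPLE_AUTORUNS = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\OneDrive\OneDrive.exe" /background'),
    ("Updater", r"C:\Users\alice\AppData\Roaming\FABGolden.exe"),
    ("Host", r'"C:\Users\alice\AppData\Roaming\svchost.exe" -k'),
    ("Shell", r"C:\Windows\explorer.exe"),
]

def command_to_path(command):
    """Return the executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted command: keep everything up to the first ".exe".
    end = command.lower().find(".exe")
    return command[: end + 4] if end != -1 else command

def classify(command):
    """Return a reason string if the entry looks suspicious, else None."""
    path = ntpath.normpath(command_to_path(command))
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN_SAMPLE_NAMES:
        return "known-sample-name"
    if name in LEGIT_DIRS and folder not in LEGIT_DIRS[name]:
        return "masquerading-system-binary"
    return None

def audit(entries):
    """Return (label, reason) for every entry that classify() flags."""
    flagged = [(label, classify(cmd)) for label, cmd in entries]
    return [(label, reason) for label, reason in flagged if reason]

if __name__ == "__main__":
    for label, reason in audit(SAMPLE_AUTORUNS):
        print(f"{label}: {reason}")
```

A file-name match alone is weak evidence, since the article expects the name to change; the location check is the part that survives a rename to a Windows binary name.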

As an in-progress threat, the Golden Ransomware currently has no significant attacks besides its screen-blocking feature. This function loads a pop-up that flashes black and yellow, keeps the user from accessing the Windows UI or their desktop, and displays the Trojan's ransoming text. Although the format suggests that the author will incorporate a Web infrastructure into his ransoming demands, no version of the Golden Ransomware available to malware experts at this time can lock files or process ransom-related payments in any way.

Making Your Files Golden against an Upcoming Trojan

The Golden Ransomware's state of harmlessness is unlikely to last for more than a few days or, at the most, weeks. Free resources for non-consensual encryption are numerous, and even programming such a feature 'from scratch' can take no more than a few minutes. Users planning on keeping their files safe should back them up to a second machine or storage device, such as an appropriate USB drive. Due to the frequency with which file-locker Trojans delete local backup data, malware experts discourage depending on local backups exclusively.

The Safe Mode feature in most versions of Windows can provide additional security against automatically-starting threats that keep you from engaging with the user interface. If the Golden Ransomware receives further updates that counter this technique, malware experts suggest that you boot from another device to avoid loading the compromised Registry. Let your anti-malware products remove the Golden Ransomware automatically while scanning your computer, and be aware of the high probability that another threat, responsible for its installation, is also present.

Trojans that take over the screen, in addition to your files, can be especially frustrating for their victims. As long as you keep your patience and don't allow yourself to become pressured by these strong-arm tactics, the Golden Ransomware should stay ransomless without costing you any of your media.
