
GOLD Ransomware

Posted: September 3, 2020

The GOLD Ransomware is a file-locking Trojan that can block users' documents, pictures and other media on their computers. As part of the Dharma Ransomware family, its encryption for locking files is secure from free solutions, in most cases. Users should recover through backups, if they're available, and have anti-malware products protect their PCs by deleting the GOLD Ransomware.

Attackers Naming Their Weapons after What They Crave

Appropriately, considering its goals, a new version of the Dharma Ransomware family names itself after the metal that so often stands in for wealth. The GOLD Ransomware shows most of this Ransomware-as-a-Service's features in action, including the encryption responsible for taking media files hostage. Its threat actor also shows some concern for their own privacy, using a free but secure e-mail service for the ensuing negotiations.

As malware researchers see no evidence of the GOLD Ransomware changing its cryptography, victims may assume that it locks data with the same AES-256 and RSA feature as past versions of the family. Long analyzed through samples like the FREDD Ransomware, the Rxx Ransomware, the Wiki Ransomware, and the WSHLP Ransomware, such an attack is usually unbreakable for third parties. Besides stopping most media from opening, the GOLD Ransomware also appends extensions referring to itself and to its campaign's e-mail address.

Typically, this family leaves two ransom notes: a pop-up HTA alert and a simpler text file. In both cases, the messages recommend contacting the attackers by e-mail or navigating to the campaign's anonymous TOR website, and mention minimal details about the ransom. Although victims may consider paying, they have no recourse when the criminals take the money and run or provide a poor unlocking service.
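The appended extensions and the HTA note described above are the artifacts a responder can scan for. The following is an added example, not code from the original page; the naming pattern it matches (original name, an id tag, the contact e-mail in square brackets, then a family tag) is an assumption about how this family renames files, and the paths, id, e-mail and note name in the sample listing are constructed.

```python
"""Heuristic scan of a file listing for Dharma-style encryption artifacts.

Added example for illustration; the naming pattern below is an assumption
about how the family appends an id, the contact e-mail and a family tag to
file names, not a verified GOLD Ransomware indicator.
"""
import re
from collections import Counter

# Assumed pattern: <original name>.id-<hex id>.[<e-mail>].<TAG>
APPENDED_EXT = re.compile(
    r"\.id-[0-9A-Fa-f]+\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<tag>[A-Za-z0-9]+)$"
)


def classify(path):
    """Return (kind, email, tag); kind is 'encrypted', 'note' or 'normal'."""
    name = re.split(r"[\\/]", path)[-1]
    m = APPENDED_EXT.search(name)
    if m:
        return "encrypted", m.group("email").lower(), m.group("tag").upper()
    # An .hta file sitting among user documents is a typical ransom-note artifact.
    if name.lower().endswith(".hta"):
        return "note", None, None
    return "normal", None, None


def scan(paths, min_encrypted=3):
    """Summarise a listing and decide whether it looks like a file-locker hit.

    Alerts once at least `min_encrypted` files carry the appended extension;
    the family tags, contact e-mails and note files seen are reported too, so
    a responder can match the campaign against known samples.
    """
    tags, emails = Counter(), Counter()
    encrypted, notes = [], []
    for p in paths:
        kind, email, tag = classify(p)
        if kind == "encrypted":
            encrypted.append(p)
            tags[tag] += 1
            emails[email] += 1
        elif kind == "note":
            notes.append(p)
    return {
        "alert": len(encrypted) >= min_encrypted,
        "encrypted_count": len(encrypted),
        "tags": dict(tags),
        "contact_emails": dict(emails),
        "notes": notes,
    }


# Constructed sample listing; paths, id, e-mail and note name are made up.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[contact@example.test].GOLD",
    r"C:\Users\alice\Pictures\holiday.jpg.id-1A2B3C4D.[contact@example.test].GOLD",
    r"C:\Users\alice\Documents\notes.docx.id-1A2B3C4D.[contact@example.test].GOLD",
    r"C:\Users\alice\Documents\READ_ME.hta",
    r"C:\Users\alice\Documents\untouched.pdf",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    result = scan(SAMPLE_LISTING)
    print("ALERT" if result["alert"] else "clean", result)
```

The threshold keeps a single oddly named file from raising an alert; the reported tag and e-mail are what a responder would compare against public write-ups on the family to judge whether a free decryptor exists for that variant.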

Burying Golden Trojans Back in the Deeps

With its significance lying mostly in its representation of a still-active RaaS business, the GOLD Ransomware may use any distribution exploits or tactics that strike its affiliate threat actor's fancy. Some Ransomware-as-a-Service attackers compromise PCs indiscriminately and hold their contents for ransom by using attacks such as disguised downloads on torrents or free software sites. Other campaigns prefer targeted methods, such as e-mail attachments sent to specific companies. Weak passwords also mark a target at risk; dictionary attacks against them may be run by hand or automated against arbitrary targets.

Backups are an all but non-negotiable resource against all file-locking Trojans, such as the Dharma Ransomware family, the STOP Ransomware, or free programs like Hidden Tear. In some cases Restore Points remain accessible, but most such Trojans delete the Shadow Volume Copy data that the Restore Points depend on. Malware experts typically recommend backing files up to a detachable device or to a cloud server with stronger security.
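Because deleting Shadow Volume Copies is a step that precedes the damage rather than following it, process-creation logging gives defenders a chance to catch it. The following is an added example, not code from the original page: it runs a few detection rules over a constructed process-creation log format. The command-line patterns are generic Windows administrative commands known to be abused for this purpose, not strings taken from a GOLD Ransomware sample.

```python
"""Flag process-creation events that destroy Volume Shadow Copy data.

Added example; the log line format is constructed for illustration and the
command patterns are generic Windows administrative commands, not strings
taken from a GOLD Ransomware sample.
"""
import re

# Command lines that delete or starve shadow copies / backup catalogs.
SHADOW_DELETE_RULES = {
    "vssadmin-delete-shadows": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "vssadmin-resize-storage": re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    "wmic-shadowcopy-delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin-delete-catalog": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
}

# Constructed format: "<timestamp> host=<h> user=<u> pid=<n> cmd=<command line>"
LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) cmd=(?P<cmd>.*)$"
)


def parse_event(line):
    """Return the event fields as a dict, or None for lines that do not fit."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def find_shadow_deletion(lines):
    """Return one hit per event whose command line matches a rule.

    Each hit carries the parsed event fields plus the name of the rule that
    fired, so an alert can say which host, user and process did it.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for rule, pat in SHADOW_DELETE_RULES.items():
            if pat.search(ev["cmd"]):
                hits.append({**ev, "rule": rule})
                break
    return hits


# Constructed sample log; hosts, users, pids and timestamps are made up.
SAMPLE_LOG = [
    "2020-09-03T10:01:02Z host=WS-01 user=alice pid=4120 cmd=C:\\Windows\\System32\\notepad.exe report.txt",
    "2020-09-03T10:01:40Z host=WS-01 user=alice pid=4188 cmd=vssadmin.exe delete shadows /all /quiet",
    "2020-09-03T10:01:41Z host=WS-01 user=alice pid=4190 cmd=wmic shadowcopy delete",
    "2020-09-03T10:02:10Z host=WS-01 user=SYSTEM pid=900 cmd=vssadmin.exe list shadows",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_shadow_deletion(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} {hit['user']} pid={hit['pid']} [{hit['rule']}] {hit['cmd']}")
```

Listing shadow copies is left unflagged on purpose, since administrators do that routinely; the deletion and storage-resize forms are what a backup-destroying Trojan needs, and seeing them from an ordinary user's session is the signal worth paging on.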

This Ransomware-as-a-Service, like most of them, conducts attacks emphasizing speed over secrecy. Most security products that detect file-locker Trojans should block and remove the GOLD Ransomware conveniently, like any other member of its threat category.

The GOLD Ransomware might long for plundering digital gold, but only an unlocked and unguarded safe is at risk from its attacks. Putting one's belongings in a protective locale is superior to amending the damage after an attacker strikes, whether on the highway or by e-mail.
