GOLD Ransomware

Posted: September 3, 2020

GOLD Ransomware Description

The GOLD Ransomware is a file-locking Trojan that can block users' documents, pictures and other media on their computers. As part of the Dharma Ransomware family, its encryption for locking files is secure from free solutions, in most cases. Users should recover through backups, if they're available, and have anti-malware products protect their PCs by deleting the GOLD Ransomware.

Attackers Naming Their Weapons after What They Crave

Appropriately, considering its goals, a new version of the Dharma Ransomware family is naming itself after the metal that's so-often a stand-in for wealth. The GOLD Ransomware shows most of this Ransomware-as-a-Service's features in action, including the encryption responsible for taking media files as hostages. Its threat actor also is displaying some concern for their privacy with a free-but-secure e-mail service for the ensuing negotiations.

As malware researchers see no evidence of the GOLD Ransomware's changing its cryptography, victims may assume that it's locking data with the same AES-256 and RSA feature as part versions of the family. While long-analyzed through samples like the FREDD Ransomware, the Rxx Ransomware, the Wiki Ransomware, and the WSHLP Ransomware, such an attack is usually-unbreakable for third parties. Besides stopping most media from opening, the GOLD Ransomware also appends extensions referring to it and its campaign's e-mail.

Typically, this family leaves two ransom notes: a pop-up HTA alert and a simpler text one. In both cases, the messages recommend contacting e-mail or navigating to the campaign's anonymous TOR website and mention minimal details about the ransom. Although victims may consider paying, they have no recourse for cases where criminals take the money and run or provide a poor unlocking service.

Burying Golden Trojans Back in the Deeps

With its significance lying, mostly, in its representation in a still-active RaaS business, the GOLD Ransomware may use any distribution exploits or tactics that strike its affiliate threat actor's fancy. Some Ransomware-as-a-Service attackers will compromise PCs and hold their ransom contents randomly by using attacks such as disguised downloads on torrents or free software sites. Other campaigns prefer targeted methods, such as e-mail attachments sent to specific companies. Weak passwords also indicate a target at risk; dictionary attacks against them can be manually-handled, or automated and arbitrary.

Backups are an all but non-negotiable resource against all file-locking Trojans, such as Dharma Ransomware's family, the STOP Ransomware, or free programs like Hidden Tear. In some cases, the Restore Points are accessible, but most Trojans will delete the Shadow Volume Copy data that are necessary for them. Malware experts typically recommend backing files up to a detachable device or a cloud server with more security.

This Ransomware-as-a-Service, like most of them, conducts attacks emphasizing speed over secrecy. Most security products that detect file-locker Trojans should block and remove the GOLD Ransomware conveniently, like any other member of its threat category.

The GOLD Ransomware might long for plundering digital gold, but only an unlocked and unguarded safe is at risk from its attacks. Putting one's belongings in a protective locale is superior to amending the damage after an attacker strikes, whether on the highway or by e-mail.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to GOLD Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Home Malware Programs Ransomware GOLD Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.