
Gollum Ransomware

Posted: July 12, 2018

The Gollum Ransomware is a variant of the file-locking Trojan Bitshifter Ransomware. Its attacks block access to your files by encrypting them with AES, change their extensions, and drop Bitcoin ransom demands as text and HTML files. Because the threat's payload also has some capacity for collecting data, users should disinfect their PCs with an anti-malware product that can delete the Gollum Ransomware safely before restoring their files, changing any passwords and taking other precautions.

Middle-Earth Invades Your Computer

The Bitshifter Ransomware campaign has been splitting into variant threats since the first confirmed one, the Winsecure Ransomware, and the similar Gollum Ransomware continues that succession. Malware experts have found no substantive change to the file-locker Trojan's methods of attack, so the Gollum Ransomware remains a threat to users without proper file backups, as well as a general threat to the privacy of confidential information on the PC. Other than its re-branded name, the Gollum Ransomware keeps the symptoms of the Bitshifter Ransomware, including dropping multiple ransom messages and encrypting your media.

The Gollum Ransomware, named after a character from J.R.R. Tolkien's The Lord of the Rings, locks the user's files by encrypting them with AES-256 in CBC mode and then protects the AES key with a second layer of RSA encryption, so the key can't be recovered from the infected PC alone. The extension that the Gollum Ransomware uses to flag these files, which can range from Word or PDF documents to archives or pictures, is the '.encrypted' string. Since malware experts are finding the same filename symptom in other campaigns, users should confirm the Gollum Ransomware's identity before running any decryptor or other file-retrieval tool.
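A '.encrypted' suffix alone doesn't tell you which family struck, or even whether the contents were encrypted rather than just renamed, so the first triage step is to look at the files themselves. The helper below is an added example written for this page, not code from the Gollum Ransomware or from any vendor tool: it walks a directory, picks out files carrying the suspect extension, and measures the Shannon entropy of each file's first 4 KiB, since AES-CBC output is indistinguishable from random bytes while most plaintext documents are not. The entropy threshold of 7.2 bits per byte and the sample files it builds in a temporary directory are constructed for the demonstration.

```python
"""Triage helper: check whether files carrying the '.encrypted' extension
are actually ciphertext, before reaching for a decryptor.

Added example for this page; it is not the malware's code and the threshold
below is an assumed triage value, not a figure taken from the page."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

SUSPECT_EXTENSION = ".encrypted"
HEADER_BYTES = 4096
# AES-CBC output measures close to 8 bits/byte; plain documents and most
# uncompressed formats sit well below. 7.2 is an assumed cut-off.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_file(path: Path) -> dict:
    """Read the file header and decide whether it looks like ciphertext."""
    with path.open("rb") as fh:
        header = fh.read(HEADER_BYTES)
    ent = shannon_entropy(header)
    return {
        "path": str(path),
        "original_name": path.name.removesuffix(SUSPECT_EXTENSION),
        "entropy": round(ent, 2),
        "likely_ciphertext": ent >= ENTROPY_THRESHOLD,
    }


def triage(root: Path) -> list[dict]:
    """Find every '.encrypted' file under root and classify it."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(SUSPECT_EXTENSION):
                results.append(classify_file(Path(dirpath) / name))
    return results


def build_sample_tree() -> Path:
    """Constructed sample data in a temp directory, not artefacts of a real infection."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    # Random bytes stand in for an AES-CBC encrypted document.
    (root / "report.docx.encrypted").write_bytes(os.urandom(8192))
    # Plaintext that only had the extension appended.
    (root / "notes.txt.encrypted").write_bytes(b"meeting notes\n" * 300)
    # A file without the suspect extension; triage ignores it.
    (root / "untouched.pdf").write_bytes(b"%PDF-1.4\n" + b"x" * 100)
    return root


if __name__ == "__main__":
    for r in triage(build_sample_tree()):
        status = "ciphertext" if r["likely_ciphertext"] else "renamed only?"
        print(f"{r['path']}: entropy={r['entropy']} -> {status}")
```

High entropy is evidence, not proof: already-compressed formats such as ZIP archives or JPEG images score near 8 bits per byte before any encryption, so pair this check with hashing the dropped executable and reading the ransom notes' wording before choosing a decryptor.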

The Gollum Ransomware drops its ransom demands as both a TXT and an HTML file, and they carry the same English grammar errors noted in the original Bitshifter Ransomware. Since paying the Bitcoin ransom (roughly three hundred USD) does not necessarily procure a working decryptor, victims should avoid it unless no other option for recovering their work remains. Backups on other devices are the traditional and reliable recovery method for any files that Trojans of the Gollum Ransomware's category may lock, corrupt or delete.

Sending a Greedy File Thief to a Fitting Fate

The minor villain it references in its brand update makes a memorable 'mascot,' but the Gollum Ransomware has no internal features that make it any less vulnerable to the traditional security solutions already detecting the Bitshifter Ransomware at reasonable rates. However, because the Gollum Ransomware includes a C&C connection that could give criminals some degree of remote access to a compromised PC, victims should monitor their online accounts for unusual activity and treat confidential information, such as passwords, as potentially in the threat actor's possession. The Gollum Ransomware's use of a WebSocket-based networking routine, like that of the Desbloquear Conteúdo Chrome Extension, could help it evade some traffic-monitoring and security features.

The Gollum Ransomware's ancestor, the Bitshifter Ransomware, is distributed through fake gaming mods and patches for AAA titles. The Gollum Ransomware campaign may use different infection vectors, however, including spam e-mails, drive-by-downloads via the RIG Exploit Kit, or RDP attacks. Sound password management and an off-system backup are mandatory for reducing both the PC's exposure to infection and the long-term data loss that follows one. If possible, users should remove the Gollum Ransomware with an anti-malware product that already has a proven detection record against the Bitshifter Ransomware.

The Gollum Ransomware is a budget file-locker Trojan, in both its extortion scheme and its programming. Small-scale is not the same as low lethality, however, and failing to take Trojans like the Gollum Ransomware seriously can end in being taken advantage of, much as this threat's namesake did to Tolkien's protagonist.
