
'.google File Extension' Ransomware

Posted: July 9, 2020

The '.google File Extension' Ransomware, also known as GoGoogle Ransomware, is a file-locking Trojan that encrypts files so that they can no longer be opened. The '.google File Extension' Ransomware campaign targets unprotected Web servers preferentially but may harm any user's media, whether at home or in a work environment. Victims can recover from any available backup and should use anti-malware tools to guarantee the safe removal of the '.google File Extension' Ransomware.

Trojans that Aren't Alphabet Inc.-Endorsed Exactly

With campaigns targeting poorly-secured servers throughout the year of 2020, the '.google File Extension' Ransomware, AKA GoGoogle Ransomware, is one of the smallest families of file-locking Trojans in operation. However, size doesn't correlate to the complexity of its encryption routine, which can hold content on the target's drives hostage indefinitely. Although malware experts only see very few spinoffs of the '.google File Extension' Ransomware, the absence of a public decryption solution speaks for itself.

The '.google File Extension' Ransomware is a Windows program, although its executable is larger than is typical. Besides using a secure encryption feature to block files from opening, it also appends extra text to their names: the extension from its name, along with ransoming information (an ID and an e-mail address, similarly to most RaaS operations). The current version of the '.google File Extension' Ransomware also uses 'bild' for the executable's name, which differs from old variants like the Trix Ransomware, which posed as a fake 'svchost' Windows file.

The '.google File Extension' Ransomware uses a Notepad 'FireRecovery' file for offering premium decryption help to any victims. If they consider this option, users should be aware that, historically, this family's decryption software is buggy and can corrupt data permanently. Testing decryption tools should always use spare copies of any encrypted media.
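The renaming pattern and ransom note described above can be turned into a quick triage scan that shows which directories were hit. This is an added example, not code from the original page or from any vendor. It assumes that the note's file name stem is 'FireRecovery' and that the e-mail address sits somewhere in the file name before the '.google' suffix; the sample file names, including the ID format, are constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators come from the description above; the matching rules are assumptions.
LOCKED_SUFFIX = ".google"
NOTE_STEM = "firerecovery"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def classify(name):
    """Return 'note', 'locked', 'suffix-only' or None for one file name."""
    lower = name.lower()
    if Path(lower).stem == NOTE_STEM:
        return "note"
    if lower.endswith(LOCKED_SUFFIX) and len(lower) > len(LOCKED_SUFFIX):
        # Strip the suffix first so 'google' is never mistaken for a TLD.
        # An e-mail in the name is the stronger signal; the bare suffix
        # could be a benign file and is reported separately.
        base = name[: -len(LOCKED_SUFFIX)]
        return "locked" if EMAIL_RE.search(base) else "suffix-only"
    return None

def scan(root):
    """Walk root and group matching files by classification."""
    hits = {"note": [], "locked": [], "suffix-only": []}
    for path in Path(root).rglob("*"):
        if path.is_file():
            kind = classify(path.name)
            if kind:
                hits[kind].append(path)
    return hits

def affected_dirs(hits):
    """Directories holding both a ransom note and at least one locked file."""
    note_dirs = {p.parent for p in hits["note"]}
    return sorted(note_dirs & {p.parent for p in hits["locked"]})

def demo():
    """Build a constructed sample tree (all names are made up) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "share").mkdir()
        for name in ("share/plan.xlsx.id-0000.[helper@example.com].google",
                     "share/FireRecovery.txt", "notes.google", "ok.pdf"):
            (root / name).write_text("x")
        hits = scan(root)
        return ({k: sorted(p.name for p in v) for k, v in hits.items()},
                [d.name for d in affected_dirs(hits)])

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against a mounted image or a read-only copy of the affected volume rather than the live system, so the evidence and any recoverable data stay untouched.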

Data-Locking Solutions that are Less than a Web Search Away

The '.google File Extension' Ransomware uses the name of the famous search engine and its company, but this choice seems random. Naturally, there is no affiliation between them and the Trojan, which can use wholly-arbitrary names and themes. Since past attacks tend towards compromising Web servers, malware experts recommend that administrators attend to notable security risks. These attacks may crack badly-chosen passwords with dictionary attacks or exploit outdated software with publicized vulnerabilities, or hijack open RDP features.

Despite the above details, any Windows user without secured backups is at risk from the '.google File Extension' Ransomware infections. Precautions such as backing up one's documents, pictures, and other work to remote drives can assist with file recovery in cases where decryption isn't available – which is the majority of cases. Although some users may recover with the Restore Points, file-locking Trojans frequently erase this content automatically.

Malware researchers have limited data on associated tactics or infection vectors for the '.google File Extension' Ransomware, besides confirming the new change in the filename. Most anti-malware products should still remove the '.google File Extension' Ransomware from infected systems and block drive-by-download attempts.

Like the Google Antivirus Alert or the Google WebHP Virus, this Trojan uses one of the most famous names on the Web for common tactics. What title a Trojan chooses has little relevance to its technical workings or the best means of recovering from them without harm – to one's wallet or one's media.
