
GoRansom Ransomware

Posted: September 20, 2019

The GoRansom Ransomware is a file-locking Trojan that can encrypt files so that they can't be opened. Although it's in a proof-of-concept state, its encryption routine is working and can be threatening to your documents, pictures and other media. Users can recover their work through the methods in this article and have compatible anti-malware services delete the GoRansom Ransomware from their machine.

Trojan Infections Coming with Bundled Antidotes

Proof-of-concept (POC) Trojans can vary in their malevolence and motives, like any experimental or educational software. Although users should always avoid the security risks that lead to infections, such as enabling macros on fake invoice documents, not every encryption attack is equally troublesome to recover from afterward. The GoRansom Ransomware is, possibly, the one that most victims would prefer over a more severe threat like the Jigsaw Ransomware or the Scarab Ransomware business.

In looking over these first samples, malware experts find no noted ties between the GoRansom Ransomware and previous threats, such as the 'free' Hidden Tear project. Like more well-known Trojans, the GoRansom Ransomware encrypts digital media like JPG pictures or Word DOCs, adds an extension ('gore,' in this case) to their names and shows a Notepad 'ransom note.' Unlike nearly all of the other file-locking Trojans, however, the GoRansom Ransomware doesn't ask for a ransom or money. Instead, it tells the victim how to unlock their files.

The GoRansom Ransomware's unlocking component is hard-coded into the program. To use it and recover their work, victims can launch the Trojan from the Windows Command Prompt or CMD, with the additional argument of 'decrypt' (and one space between the command and the Trojan's name). The GoRansom Ransomware then, unusually, performs the decryption operation and returns all content to normal.
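
To scope which files carry the added 'gore' extension before attempting recovery, and to confirm afterward that none remain, a responder can inventory the affected directory tree. The script below is an added example, not code from this article or from the Trojan; it assumes the extension is appended to the complete original file name (for example `report.docx.gore`), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".gore"  # extension named in the article; "appended to full name" is an assumption


def inventory_locked_files(root):
    """Walk `root` and summarise files carrying the Trojan's added extension."""
    locked, by_type, mtimes, originals_present = [], Counter(), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = Path(dirpath) / name
            original = name[: -len(LOCKED_EXT)]  # report.docx.gore -> report.docx
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            locked.append(str(path))
            mtimes.append(path.stat().st_mtime)
            # An intact copy beside the locked one means that file needs no recovery.
            if original and (Path(dirpath) / original).is_file():
                originals_present.append(str(path))
    return {
        "locked": sorted(locked),
        "by_original_type": dict(by_type),
        "originals_present": sorted(originals_present),
        # Modification times bracket when the encryption pass ran.
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files, not real Trojan output."""
    for rel in ("docs/report.docx.gore", "docs/notes.txt", "pics/cat.JPG.GORE",
                "pics/dog.jpg.gore", "pics/dog.jpg"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory_locked_files(tmp)
        print(report["by_original_type"], len(report["originals_present"]))
```

Running the same inventory again after recovery should return an empty `locked` list; any entries left point to files that were not restored.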

Taking Programming Experiments with All Proper Care

POCs are exploitable by third parties with more illicit intentions than the author. As Hidden Tear's history demonstrates, criminals can hijack programs like the GoRansom Ransomware, edit them slightly, and release them into the wild for extorting money from the victims. There's no guarantee that future versions of the GoRansom Ransomware will retain the locked-in-stone decryption method that makes this program relatively harmless.

The GoRansom Ransomware is a Windows Trojan and has a small file size of just over two megabytes. Some possible distribution methods that malware experts find likely for 2019 campaigns include:

  • E-mail phishing messages may deliver the GoRansom Ransomware through pretenses of workplace documents, such as bills, faxes, hardware updates or industry news.
  • Less personally, some threat actors infect victims at random by compromising ad networks with fake updates or using torrents for popular-but-illegal products.
  • Criminals interested in having manual control over the infection process may search for servers with weak software versions or login credentials, hack them, and drop the GoRansom Ransomware.

Fewer than half of AV vendors are currently identifying this Trojan. Always install updates to your anti-malware services as they become available so that they can remove the GoRansom Ransomware and threats like it before they can initiate any attacks. The GoRansom Ransomware might be a case of one programmer testing out something that isn't meant to cause any harm. Whether the truth is just that, or something less pleasant, no one should leave their files' integrity up to chance.
