Cago Ransomware

By GoldSparrow in Ransomware

The CAGO Ransomware is a variant of the "Hermes Ransomware." Like most ransomware, the CAGO Ransomware encrypts your data and appends an extension to the affected files. In this case, the extension is usually ".CAGO Ransomware." The ransom note it creates is usually named "DECRYPT_INFO.txt" and is placed in every affected folder.

What Will the CAGO Ransomware Do with Your Files?

The encryption method the CAGO Ransomware uses is currently unknown. It may use symmetric or asymmetric cryptography. At present, there is no known method of decrypting files attacked this way without knowing the key and method that were used to encrypt them. The CAGO Ransomware is similar to the DCOM and the Litar family of ransomware. The malware is spread via spam email containing a link to a compromised download or, sometimes, an infected attached file. Once executed, the malware aggressively works through the device's storage and affects every file it can access. Sometimes the malware is spread using "macros" embedded in documents.

Sample Ransom Note

'Hello, dear friend.
All your files are encrypted with a unique key.
Are you sure you want to recover all your files ?
Write us an email: popstop@foxmail.com
Enter your unique ID in the message: -'

Protecting Yourself from the CAGO Ransomware

First and foremost: back up your important files regularly! If your device is infected, chances are that your current files are encrypted for good and, without a backup, there is little hope of recovering them. Verify the source of any downloaded file. Even if the file was attached to an email from a known email address, always double-check that the source email is accurate and that the attachment makes sense and is legitimate. Most corrupted emails come from obviously fake accounts and are easy to detect, but if one of your contacts has an infected device, it may attach files to their correspondence without their knowledge. Another common method for distributing malware is to bundle it with torrent files. Never download torrents from unknown sources or run any executables they might contain. Finally, install good third-party anti-virus software and keep it updated daily. Anti-virus software is only as effective as its virus and malware definitions, so it is important that you keep them on auto-update.

My Device Has Been Infected. What Do I Do Now?

The right thing to do is to format your hard drive to be certain that no remnants of the malware are left on your device. This is the only surefire way to remove most malware completely once it infects your system, and it is important because any hard drive you connect to, or sometimes even any email you send from an infected device, can spread the malware further. You can try using one of many malware removal tools in "Safe Mode" on your PC or "Safe Boot" on your Mac to remove all traces of the CAGO Ransomware malware from your system, but these are never 100% effective and usually will not be able to recover your files. There is currently no known method to recover files infected by the CAGO Ransomware.
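Before wiping the drive, it helps to know which folders were hit and roughly when, so that a backup taken before that point can be chosen. The script below is an added example, not part of the original article: it walks a directory tree read-only and reports folders that contain the ransom note name or the file extension reported above. The function names `scan_tree` and `summarize` are this example's own, and using the note's modification time as the approximate start of encryption is an assumption.

```python
import os
import sys
from datetime import datetime, timezone

NOTE_NAME = "DECRYPT_INFO.txt"   # ransom note name reported in this article
SUFFIX = ".CAGO Ransomware"      # extension as reported here; change it to the one you observe


def scan_tree(root, note_name=NOTE_NAME, suffix=SUFFIX):
    """Walk root read-only; return one record per folder that shows signs of the infection."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        note = next((f for f in files if f.lower() == note_name.lower()), None)
        renamed = sorted(f for f in files if f.lower().endswith(suffix.lower()))
        if note is None and not renamed:
            continue  # no note and no renamed files: folder looks untouched
        note_time = None
        if note is not None:
            try:
                note_time = os.stat(os.path.join(folder, note)).st_mtime
            except OSError:
                pass  # note unreadable or gone; still report the folder
        untouched = len(files) - len(renamed) - (1 if note else 0)
        hits.append({"folder": folder, "note_time": note_time,
                     "renamed": renamed, "untouched": untouched})
    return hits


def summarize(hits):
    """Reduce per-folder hits to the figures needed to choose a restore point."""
    times = [h["note_time"] for h in hits if h["note_time"] is not None]
    return {
        "affected_folders": len(hits),
        "renamed_files": sum(len(h["renamed"]) for h in hits),
        "untouched_files_in_affected_folders": sum(h["untouched"] for h in hits),
        "earliest_note": min(times) if times else None,  # assumption: approximates start time
    }


if __name__ == "__main__":
    report = summarize(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
    ts = report["earliest_note"]
    when = datetime.fromtimestamp(ts, timezone.utc).isoformat() if ts else "n/a"
    for key, value in report.items():
        print(f"{key}: {value}")
    print(f"restore from a backup taken before: {when} (UTC)")
```

Run it against a mounted copy of the affected disk rather than from the infected system itself, and treat the timestamp as a lower bound only, since file times can be altered.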

DO NOT reach out to the attackers or try to pay any ransom. There is a negligible chance of recovering any files this way, and usually the attacker will ask for more money or simply vanish.
