GodLock Ransomware

Cybersecurity experts are working to combat cybercriminals tirelessly, who are constantly pumping out more and more data-locking Trojans, but this truly is a Sisyphean task. As soon as malware researchers manage to crack a ransomware threat, they make sure to release a publicly available decryption tool, but the sheer amount of file-encrypting Trojans being published is impossible to counter. One of the newest ransomware threats spotted is called GodLock Ransomware.

Propagation and Encryption

It is not clear how the cybercriminals behind the GodLock Ransomware are distributing it. Among the likely propagation methods are mass spam email campaigns, fake software updates and bogus pirated copies of popular applications. When the GodLock Ransomware compromises the targeted system, it will perform a scan whose goal is to locate files of interest. This means determining the locations of the files, which match the requirements of the GodLock Ransomware. Such ransomware threats are often programmed to target a very long list of file types so that the threat will manage to do as much damage as possible on the infiltrated host. When the scan is completed, the GodLock Ransomware will proceed by triggering its encryption process. This ransomware threat applies a '. GodLock' extension to all the affected files. This means that a file that was named 'Werewolf.mp3' previously will be renamed to 'Werewolf.mp3. GodLock' when the GodLock Ransomware encrypts it.

The Ransom Note

When the encryption process is through, the GodLock Ransomware will drop a ransom note called 'GodLock.README.TXT' on the user's desktop. The ransom message starts with 'Do not panic!' and proceeds to explain to the victim what has happened to their files. The attackers state that there is no other way to retrieve your data apart from purchasing a decryption key from them. They also want the victim to contacts them via email ‘freewizard9@protonmail.com.' There is also a deadline – unless the user gets in touch with the attackers within one week of the attack taking place, the authors of the GodLock Ransomware state that they will wipe off the decryption key the victim needs.

We advise you against contacting cyber crooks, as there is no guarantee that they will provide you with the decryption key promised, even if you pay them the ransom fee. Instead, you should look into obtaining a legitimate anti-malware solution that will rid you of the GodLock Ransomware safely.