GoldenAxe Ransomware

By GoldSparrow in Ransomware

The GoldenAxe Ransomware is an encryption ransomware Trojan that was first observed on March 17, 2019. The GoldenAxe Ransomware carries out its attack on computers running the Windows operating system and is generally distributed as a bogus update for the Adobe Flash Player. Once installed, the GoldenAxe Ransomware carries out a typical encryption ransomware attack, using a strong encryption algorithm to make the victim's files inaccessible. The GoldenAxe Ransomware communicates with its Command and Control servers to relay information about the infected computers and retrieve information from its controllers. The GoldenAxe Ransomware's attacks are mostly concentrated in Russia and the United States, although a few compromised computers have been reported in Germany.

Symptoms of a GoldenAxe Ransomware Attack

The GoldenAxe Ransomware uses a strong encryption algorithm to target user-generated files. These files may include a wide variety of documents, databases, media files, and numerous other data containers. The files that threats like the GoldenAxe Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The GoldenAxe Ransomware marks each file encrypted by its attack with a new file extension and an ID string that typically takes the form of five random characters. The GoldenAxe Ransomware delivers its ransom note in the form of several files that are dropped on the infected computer's desktop and Documents folder. These files are named:

# instructions- #.jpg
# instructions- #.txt
# instructions- #.vbs

These files deliver a message claiming that the victim must pay a ransom amount in exchange for the decryption key. The GoldenAxe Ransomware also uses the Windows Text-to-Speech feature to say "All your files are encrypted. Read the Help file for solution." However, paying the ransom does not guarantee that victims will get their data back, so they should ignore the GoldenAxe Ransomware's ransom demands.
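
The two on-disk symptoms described above, the ransom-note files and the five-character marker on encrypted files, can be checked for with a short triage script. The following is an added example, not code from the original article: it assumes the marker appears as a trailing extension of five alphanumeric characters and matches the text between "-" and "#" in the note names loosely, and the sample folder tree it scans is constructed.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Note names as listed in the article; whatever sits between "-" and "#" is
# matched loosely because the article does not spell it out (assumption).
NOTE_RE = re.compile(r"^# instructions-.*#\.(jpg|txt|vbs)$", re.IGNORECASE)
# Assumption: the marker is a final extension of exactly five alphanumeric
# characters appended after the original file name and extension.
MARKED_RE = re.compile(r"^.+\.[A-Za-z0-9]{1,5}\.([A-Za-z0-9]{5})$")


def triage(root, min_files=3):
    """Return ransom-note names and five-character suffixes seen on many files."""
    notes, suffixes = [], Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if NOTE_RE.match(path.name):
            notes.append(path.name)
            continue
        m = MARKED_RE.match(path.name)
        if m:
            suffixes[m.group(1).lower()] += 1
    # One odd extension is noise; the same one on many files is a pattern.
    repeated = {s: n for s, n in suffixes.items() if n >= min_files}
    return {"notes": sorted(notes),
            "suffixes": repeated,
            "suspicious": bool(notes) and bool(repeated)}


def build_sample(root):
    """Constructed sample tree: empty placeholder files, no real data."""
    for folder in ("Desktop", "Documents"):
        (Path(root) / folder).mkdir()
    names = ["Desktop/# instructions- #.txt", "Desktop/# instructions- #.vbs",
             "Documents/# instructions- #.jpg",
             "Documents/budget.xlsx.k3f9q", "Documents/thesis.docx.k3f9q",
             "Documents/photo.jpg.k3f9q", "Documents/notes.txt",
             "Documents/archive.tar.gz"]
    for name in names:
        (Path(root) / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Requiring both a note file and a repeated suffix keeps a single unusual file name from raising an alert; on a real host, point `triage` at the user's Desktop and Documents folders.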

Dealing with the GoldenAxe Ransomware and Protecting Your Data from These Threats

The best protection against threats like the GoldenAxe Ransomware is to have backup copies of all files and keep these backups stored in a secure location such as the cloud or on an external memory device. In the case of an attack, having file backups ensures that computer users can ignore the criminals' demands and simply replace the files encrypted by the attack with the backup copies. Apart from file backups, computer users should use a security program. These programs are not capable of decrypting the files encrypted by threats like the GoldenAxe Ransomware, but they can intercept such threats and drastically reduce the likelihood of infection.

