GOLD Ransomware

The GOLD Ransomware is a threatening program that encrypts valuable data on targeted computers, preventing, thus, the owner's access to the affected files. Once the GOLD Ransomware threat enters a device, it scans for images, videos, productivity documents, text files, and all other data that could be important for the user. When such files are detected, the GOLD Ransomware encrypts them with a strong encryption algorithm and then displays a pop-up message on the desktop, asking for the payment of a particular amount in the Bitcoin cryptocurrency, in exchange for a decryption tool.

The Ransom Note

Victims of the GOLD Ransomware can recognize the infection by the specific extension that the malware adds to the locked files - ".[goldmind@tuta.io].gold.” The ransom note appears as a pop-up message. However, it also can be found in a text file named "FILES ENCRYPTED.txt." According to the attackers' instructions, the victim should contact them at the e-mail address goldmind@tuta.io. The ransom note also advises users not to decrypt the files through a third-party decryptor, which would destroy them permanently.

Protecting Your Data from Threats Like the GOLD Ransomware

Unfortunately, there is no free decryption key for files locked up by the GOLD Ransomware currently, and the encrypted data can be recovered only from backups. To avoid ransomware infections, you should never open e-mails or attachments from suspicious senders. In some cases, malware developers also exploit operating system vulnerabilities to install threatening tools on target computers.