Goliath Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 45 |
First Seen: | May 19, 2016 |
Last Seen: | June 16, 2022 |
OS(es) Affected: | Windows |
The Goliath Ransomware is related to the rise of the RaaS (Ransomware as a Service) industry. There is a Deep Web website that is associated with the Goliath Ransomware, which advertises products and services related to ransomware attacks. This website is named 'Hall of Ransom.' Like most Deep Web websites, the Goliath Ransomware's website is accessed using TOR. This website sells Locky, a well-known ransomware threat, for $3000 USD. Locky is delivered using corrupted Microsoft Word macros that are distributed as spam email attachments. Locky has being used in high-profile attacks against medical institutions, which have had to spend thousands of dollars each to decrypt the affected files. Locky itself has been responsible for at least 90,000 daily attacks in the last three months! One alarming aspect of this website is that it also advertises a 'new generation of ransomware,' named the Goliath Ransomware.
The Goliath Ransomware may be Acquired by Anyone!
This website also advertises a 'USB key' that, for $1200 USD, supposedly decrypts the files encrypted by Locky. Since this is not possible, this is clearly part of a hoax where con artists take advantage of other fraudsters! This website sells the Goliath Ransomware for $2100 USD. According to this website, the Goliath Ransomware is derived from the Locky's source code. Supposedly, the Goliath Ransomware is designed for beginning attackers who are just getting started in the world of ransomware distribution. According to the Goliath Ransomware's advertising, the Goliath Ransomware has a high infection rate and allows con artists to carry out ransomware attacks with a single click. PC security analysts have linked the Goliath Ransomware and its related website to a different ransomware variant named Jigsaw, which is mentioned in the websites HTML code. Jigsaw is especially difficult to deal with because it deletes files on the victim's computer incrementally for every hour that passes in which the ransom is not paid. This pressures victims into paying the ransom amount quickly.
The Goliath Ransomware and Other RaaS Encryption Ransomware Trojans
Threats like the Goliath Ransomware may be sold on the Deep Web. In many cases, threat creators are not the same people that distribute and profit directly from the attacks. One of the reasons why threats like the Goliath Ransomware are attractive to con artists is that they promise a quick return on investment. This has made it profitable for many threat creators to distribute their threats as a service, allowing con artists to use the ransomware and handling all aspects of demanding payment and delivering decryption keys after payment was made. There are many ransomware threats that use RaaS models, including such attacks as ORX-Locker, Mischa, Petya and Cerber. High profile ransomware threats, such as TeslaCrypt 3.0, have also moved to a RaaS model in recent months. In some cases, such as with the Tox Ransomware Trojan, third parties offer their services for free and earn a percentage (in the case of Tox the percentage is 30%) of each payment made by the victims.
According to the Goliath Ransomware's website, this threat uses a VPN (Virtual Private Network) and is designed to infect Windows computers. The Goliath Ransomware does not make sense in all aspects and has not been observed in the wild currently. In fact, it is even a doubt whether the Goliath Ransomware exists or if it is a hoax used to profit from inexperienced would-be con artists. One of the aspects of the RaaS industry and similar attacks is that it has attracted many people that have absolutely no experience with the cybercrime, but see it as a profitable investment. The Goliath Ransomware may be part of a hoax created by the same threat creators as a way to make money off of possible con artists that do not understand how these attacks work.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.