
Gomasom Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 12
First Seen: December 22, 2015
Last Seen: July 22, 2021
OS(es) Affected: Windows

The Gomasom Ransomware is a ransomware infection that, until recently, left the victim's files unrecoverable without access to the decryption key. Fortunately, PC security researchers have reported that Fabian Wosar, a PC security researcher, has created a tool that can help computer users decrypt their files after they have been encrypted by the Gomasom Ransomware. This ransomware threat is a relative newcomer, appearing in substantial numbers only in recent months. Even so, the Gomasom Ransomware has been effective at carrying out the well-known tactic of encrypting files and holding them for ransom.

The Gomasom Ransomware and the Decryption Utility

The Gomasom Ransomware receives its name from the words 'Google Mail Ransom' (GO-MA-SOM), taking the first letters of 'Google' and 'Mail' and the last letters of 'Ransom'. The Gomasom Ransomware infects the victim's computer and then encrypts all files matching its list of extensions, adding a Gmail address to the encrypted files' names and changing their extension to CRYPT. PC security researchers have reported that the recently created recovery tool can allow computer users to obtain the decryption key and then decrypt the affected files using the same tool. The decryption utility works best when it can compare two versions of the same file, one encrypted and one unencrypted. Otherwise, it can compare different files with similar extensions, but the results may be less reliable. The decryption process will be slow, particularly for large quantities of data. It may take more than an entire day to decrypt the affected files.
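As an added example (not part of the original article and not the decryption utility's own code), the following Python triage script takes a file listing, flags names that carry a Gmail address and the CRYPT extension as described above, and matches them to unencrypted copies from a backup so that an encrypted/unencrypted pair is ready for the decryption utility. It assumes the address is placed after the original file name with punctuation as a separator; the paths and the address are constructed samples.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumptions (not from the article): the Gmail address follows the original
# file name, and any separator characters between the two are punctuation.
GMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+]*@gmail\.com", re.IGNORECASE)

def parse_renamed(path):
    """Return (address, guessed_original_name) for a renamed file, else None."""
    name = PureWindowsPath(path).name
    if not name.lower().endswith(".crypt"):
        return None
    m = GMAIL_RE.search(name)
    if m is None:
        return None
    original = name[:m.start()].rstrip("!_-. ")  # drop separator characters
    return m.group(0).lower(), original

def triage(paths):
    """Group renamed files by the Gmail address embedded in their names."""
    by_address = defaultdict(list)
    for p in paths:
        parsed = parse_renamed(p)
        if parsed:
            by_address[parsed[0]].append(p)
    return dict(by_address)

def find_pairs(paths, clean_copies):
    """Match renamed files to unencrypted copies (e.g. from a backup) by name."""
    clean_by_name = {PureWindowsPath(c).name.lower(): c for c in clean_copies}
    pairs = []
    for p in paths:
        parsed = parse_renamed(p)
        if parsed and parsed[1].lower() in clean_by_name:
            pairs.append((p, clean_by_name[parsed[1].lower()]))
    return pairs

# Constructed sample listing (not real indicators).
LISTING = [
    r"C:\Users\a\Documents\report.docx_constructed.sample@gmail.com.crypt",
    r"C:\Users\a\Pictures\cat.jpg_constructed.sample@gmail.com.crypt",
    r"C:\Tools\putty.exe_constructed.sample@gmail.com.crypt",
    r"C:\Users\a\Documents\notes.crypt",                # .crypt, no address
    r"C:\Users\a\Documents\mail to bob@gmail.com.txt",  # address, not .crypt
]
BACKUP = [r"E:\backup\Documents\report.docx", r"E:\backup\Pictures\dog.jpg"]

if __name__ == "__main__":
    for addr, files in triage(LISTING).items():
        print(addr, len(files))
    for enc, clean in find_pairs(LISTING, BACKUP):
        print("pair:", enc, "<->", clean)
```

Requiring both the address and the extension keeps ordinary files that merely mention a Gmail address, or that happen to end in .crypt, out of the results.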

The Gomasom Ransomware and Similar Infections

The Gomasom Ransomware is particularly irritating because it also encrypts executable files rather than limiting itself to documents and media files. Because of this, the Gomasom Ransomware will stop many applications on the victim's computer from operating. The Gomasom Ransomware changes the affected files' names to include a Gmail address because it expects computer users to contact that email address to receive help decrypting the files and instructions for payment of the ransom. Fortunately, it is no longer necessary to contact this email address, thanks to the work of the PC security researcher Fabian Wosar.

The Gomasom Ransomware spreads using common threat delivery techniques and is contained in a threatening executable file. The main purpose of the Gomasom Ransomware is to generate revenue at the expense of computer users, taking their files hostage and demanding payment of a ransom. Until the decryption utility was released, it was practically impossible to decrypt the files without the decryption key. Since most ransomware infections are created by recycling threatening code from one ransomware infection to another, PC security researchers consider it worthwhile to try to use the decryption utility associated with the Gomasom Ransomware to decrypt files encrypted by other threatening ransomware.

Protecting Your Computer from Threats Such as the Gomasom Ransomware

To protect your computer from threats like the Gomasom Ransomware, the best measure you can take is to install a reliable security application, keep it fully up-to-date, and use it at all times. Make sure that you follow safe browsing guidelines when browsing the Web. Some things you can do to lower the risk of Gomasom Ransomware infections include the following:

  • PC security researchers strongly advise computer users to avoid opening unsolicited email attachments or embedded links, since this is a commonly used method to distribute threats like the Gomasom Ransomware.
  • Threats like the Gomasom Ransomware also may be distributed using social media links and tactics. Avoid clicking on suspicious social media messages, even if they are linked to one of your contacts or online friends.
  • Not all websites are equally safe or unsafe. PC security researchers recommend that computer users avoid visiting websites commonly associated with threats like the Gomasom Ransomware, such as online casinos, pharmacies, and websites containing pornography or illegal file-sharing.
