GonnaCope Ransomware

By CagedTech in Ransomware

The GonnaCope Ransomware is among the more harmful ransomware threats. It is capable of locking the data of its victims completely. Furthermore, because the encryption algorithm is sufficiently strong, the affected files are unlikely to ever be restored without assistance from the attackers. This particular malware was first identified by the cybersecurity researchers going by the name Petrovic on Twitter.

What makes GonnaCope more destructive than the countless other ransomware threats out there is its ability to delete files in addition to running its encryption routine. The deleted files are replaced by random ones that have the file extension '.cope' as part of their names. At the same time, the names of the encrypted files are left intact. When all targeted files have been processed, GonnaCope delivers its ransom note in two different ways: via a new text file named 'ReadMe.txt' and in a cmd (Command Prompt) window.

The message in both places is nearly identical. The attackers state that the locked files will be decrypted only after victims pay a ransom of $100. The sum must be paid using the Bitcoin cryptocurrency and is expected to be transferred to the provided crypto-wallet address. The message displayed in the cmd window also states that the hacker's wallet has been copied to the system's clipboard.

The full text of the message inside the text file is:

'Your files are unusable pay $100 in bitcoin to bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll to get your files back or allow it into outlook for a decryption key
Your files are unusable pay $100 in bitcoin to bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll to get your files back or allow it into outlook for a decryption key
Your files are unusable pay $100 in bitcoin to bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll to get your files back or allow it into outlook for a decryption key
Your files are unusable pay $100 in bitcoin to bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll to get your files back or allow it into outlook for a decryption key'

The instructions delivered via the Command Prompt window are:

'++++++++++++++++++++++++++++++++++
Your files are unusable pay $100 in bitcoin to bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll to get your files back or allow it into outlook for a decryption key
The wallet has been copied to your clipboard
++++++++++++++++++++++++++++++++++
'
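A triage scan built on the artifacts described above: files with '.cope' in their names and a 'ReadMe.txt' carrying the note text or wallet address. This is an added example, not code from the original article; the function names and the sample directory tree are assumptions constructed for illustration. Because the encrypted files keep their original names, the scan can only flag the dropped '.cope' files and the note, not the encrypted files themselves.

```python
import os
import tempfile
# Indicators taken from the write-up above.
NOTE_NAME = "readme.txt"
NOTE_PHRASE = "your files are unusable pay $100 in bitcoin"
WALLET = "bc1qlly4puaz7pz3zmph8n2d620jc2j60qf4ve5qll"
DROP_MARKER = ".cope"

def is_ransom_note(path, max_bytes=65536):
    """True if path is a ReadMe.txt carrying the note phrase or the wallet."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace").lower()
    except OSError:
        return False  # unreadable: cannot confirm, so do not flag
    return NOTE_PHRASE in text or WALLET in text

def triage(root):
    """Walk root; return sorted paths of ransom notes and '.cope' drops."""
    notes, drops = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if DROP_MARKER in name.lower():
                drops.append(full)
            elif is_ransom_note(full):
                notes.append(full)
    return {"notes": sorted(notes), "cope_files": sorted(drops)}

def build_sample_tree(root):
    """Constructed sample data: one note, two '.cope' drops, two benign files."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        "ReadMe.txt": f"Your files are unusable pay $100 in bitcoin to {WALLET}\n",
        "docs/ReadMe.txt": "Project readme: build with make.\n",  # benign
        "docs/a81f.cope": "x",
        "docs/q2.cope.bin": "x",
        "docs/report.docx": "kept under its original name",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A 'ReadMe.txt' is only counted when its content matches, so ordinary project readme files are not reported.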
