'.good File Extension' Ransomware

By GoldSparrow in Ransomware

The '.good File Extension' Ransomware is an encryption ransomware Trojan that is a variant of HiddenTear, an open source ransomware Trojan that was first released in 2015. PC security researchers detected the '.good File Extension' Ransomware in the first week of September 2018, and it is one of the latest variants in its ransomware family. The '.good File Extension' Ransomware has been seen carrying out attacks under various aliases, such as the 'Shiva Ransomware.' There is, however, little to differentiate the '.good File Extension' Ransomware from the many other HiddenTear variants that have appeared through the years.

The '.good File Extension' Ransomware will not Bring Anything Good to You

The '.good File Extension' Ransomware is commonly delivered to victims through spam email attachments, often in the form of corrupted DOCX files that contain embedded macro scripts that download and install the '.good File Extension' Ransomware onto the victim's computer. Once installed, the '.good File Extension' Ransomware uses AES-256 encryption to encrypt the victim's files. The '.good File Extension' Ransomware targets a wide variety of user-generated file types, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.good File Extension' Ransomware delivers a ransom note in the form of a text file named 'HOW_TO_RECOVER_FILES.txt,' which contains the message:

'Your personal identifier: -
Your important files are now encrypted due to a security problem with your PC!
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: dsupport@airmail.cc
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click'Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins[.]com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk[.]com/information/how-can-i-buy-bitcoins
Attention!
*Do not rename encrypted files.
*Do not try to decrypt your data using third party software, it may cause permanent data loss.
*Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'

Protecting Your Data from the '.good File Extension' Ransomware

The best protection from threats like the '.good File Extension' Ransomware is to have file backups stored on the cloud or an external memory device. Malware specialists advise the use of a proven and updated security program. Caution should be exercised when handling unsolicited email attachments.
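The two on-disk traces this article names, the '.good' extension and the 'HOW_TO_RECOVER_FILES.txt' note with its contact address, are enough to work out which directories were hit and which backups need restoring. The script below is an added example, not part of the original article; it assumes encrypted files end in '.good', and the function names triage and note_matches are illustrative.

```python
import os
from collections import Counter

# Indicators taken from the article; matching is case-insensitive.
ENCRYPTED_SUFFIX = ".good"
NOTE_NAME = "how_to_recover_files.txt"
NOTE_MARKER = "dsupport@airmail.cc"  # contact address quoted in the ransom note


def note_matches(path, limit=64 * 1024):
    """True if the note at `path` contains the contact address from the article."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(limit).decode("utf-8", errors="replace")
    except OSError:
        return False
    return NOTE_MARKER in text.lower()


def triage(root):
    """Walk `root` and summarise, per directory, the traces of this ransomware.

    Assumption (not stated in the article): ".good" is the final extension
    of every encrypted file. Returns a dict keyed by directory path with:
      encrypted      number of files ending in ".good"
      note           "none", "name-only" or "confirmed" (address found inside)
      original_exts  Counter of the extension left of ".good", if any
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, exts, note = 0, Counter(), "none"
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                full = os.path.join(dirpath, name)
                note = "confirmed" if note_matches(full) else "name-only"
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted += 1
                stem = lower[:-len(ENCRYPTED_SUFFIX)]
                exts[os.path.splitext(stem)[1] or "(none)"] += 1
        if encrypted or note != "none":
            report[dirpath] = {"encrypted": encrypted, "note": note,
                               "original_exts": exts}
    return report


if __name__ == "__main__":
    import sys
    for d, info in sorted(triage(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(d, info["encrypted"], info["note"], dict(info["original_exts"]))
```

A directory reported as "name-only" has a file with the note's name but not the contact address, so it may be a different HiddenTear variant or an unrelated file and should be checked by hand.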