
Goofed Ransomware

By GoldSparrow in Ransomware

The Goofed Ransomware is an encryption Trojan that is used to encrypt its victims' files. The Goofed Ransomware does this to demand ransom payments from its victims. Once the Goofed Ransomware has encrypted the victim's files, the files will become inaccessible until the victim agrees to pay a large amount of money to recover the affected files.

How the Goofed Ransomware Carries out Its Attack

The Goofed Ransomware was first observed on November 10, 2017, along with a number of other encryption ransomware Trojans released close to that date, all related to each other and all variants of HiddenTear. HiddenTear is an open-source ransomware platform that has been used countless times to create ransomware Trojans. HiddenTear was initially released as a proof of concept in August of 2015 but was adapted by cybercrooks to create numerous ransomware Trojans, with the most recent including the Goofed Ransomware. HiddenTear variants use a strong encryption algorithm that makes the victim's files inaccessible. Because of this, once the Goofed Ransomware has encrypted the victim's files, they can no longer be recovered. This means that prevention is key when dealing with the Goofed Ransomware and similar threats.

The most common way of delivering the Goofed Ransomware to victims is through corrupted email attachments. Victims of the Goofed Ransomware will first receive a spam email message disguised as a message from a reputable sender. Attached to this email message will be a Microsoft Word document. This document will include corrupted macro scripts that download and install the Goofed Ransomware onto the victim's computer. Once the Goofed Ransomware is installed, it will use a combination of AES and RSA encryption to make the victim's files inaccessible. The files encrypted in the Goofed Ransomware attack will be marked with the file extension '.goofed,' added to the end of each file's name. In its attack, the Goofed Ransomware will target user-generated files, working from a list of file types that are commonly used by computer users. The Goofed Ransomware will avoid the files that are necessary for Windows to function, since it requires Windows to remain functional so that the victim can read the ransom note and pay the ransom amount. The file types that could be enciphered by a Goofed Ransomware attack include:

.aspx, .cpp, .csv, .doc, .docx, .h, .html, .jpg, .jsp, .lnk, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .pst, .rar, .sql, .txt, .xls, .xlsx, .xml, .zip.

The Goofed Ransomware and Its Ransom Demand

The Goofed Ransomware will deliver a ransom note in the form of a text file named 'YOU_DONE_GOOFED.txt' after the victim's files have been encrypted. The Goofed Ransomware ransom note contains the following message:

'Files has been encrypted with hidden tear
Send me $100 in bitcoin to 112eFWptVuBw9KzVZFvgx8ERnqYMsY6HLj
And email me at hiddentear@protonmail.com for your decryption key.'

As with other variants of HiddenTear, the encrypted files are not recoverable without the decryption key. However, PC security researchers do not recommend that computer users pay the Goofed Ransomware ransom or contact the people responsible for the Goofed Ransomware attack. The people responsible for these infections will frequently ignore the victims' payments, demand higher ransom payments, or intentionally target those victims again since they have already shown a willingness to pay the ransom. More importantly, paying these ransoms enables these people to continue creating and distributing new ransomware Trojans like the Goofed Ransomware.

Protecting Your Computer from the Goofed Ransomware

The best protection against the Goofed Ransomware and similar ransomware Trojans is to make copies of your files. These copies make the Goofed Ransomware attack completely ineffective, since the victim can recover from the attack by deleting the encrypted files and restoring them from the backup. A reliable security program can be used to remove the Goofed Ransomware, although it will not restore the affected files.
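
To plan a restore from backup, the indicators given above (the '.goofed' extension, the 'YOU_DONE_GOOFED.txt' note and the targeted file types) can drive a simple triage scan that lists which original files need restoring. The following Python script is an added example, not part of the original article; its function names, report layout and sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".goofed"          # extension appended to encrypted files
RANSOM_NOTE = "YOU_DONE_GOOFED.txt"   # ransom note file name
# File types listed in this article as targeted.
TARGETED = {".aspx", ".cpp", ".csv", ".doc", ".docx", ".h", ".html", ".jpg",
            ".jsp", ".lnk", ".mdb", ".odt", ".pdf", ".php", ".png", ".ppt",
            ".pptx", ".psd", ".pst", ".rar", ".sql", ".txt", ".xls", ".xlsx",
            ".xml", ".zip"}


def scan(root):
    """Walk root and report ransom notes, original names of files to restore,
    and .goofed files whose inner type is not on the targeted list."""
    report = {"notes": [], "restore": [], "unexpected": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE.lower():
                report["notes"].append(Path(dirpath, name))
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                stem = name[:-len(ENCRYPTED_SUFFIX)]  # name before encryption
                inner = os.path.splitext(stem)[1].lower()
                key = "restore" if inner in TARGETED else "unexpected"
                report[key].append(Path(dirpath, stem or name))
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files imitating an affected profile."""
    root = Path(root)
    (root / "Documents").mkdir()
    (root / "Desktop").mkdir()
    for rel in ("Documents/budget.xlsx.goofed", "Documents/notes.txt",
                "Documents/thesis.DOCX.goofed", "Desktop/tool.exe.goofed",
                "Desktop/YOU_DONE_GOOFED.txt"):
        (root / rel).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        for kind, paths in result.items():
            for p in sorted(paths):
                print(f"{kind:10} {p.relative_to(tmp)}")
```

Entries under "unexpected" carry the '.goofed' extension on a file type outside the list above and are worth reviewing by hand before the restore.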
