Gooolag Ransomware

The Gooolag Ransomware is a threat discovered in the wild. It operates as typical ransomware but, so far, hasn't been attributed to any of the already established ransomware families. Systems infected by the Gooolag Ransomware will be subjected to data encryption, which effectively locks the files stored there. Users will subsequently be unable to access or use the files in any way without the right decryption key.

All files affected by the Gooolag Ransomware will have '.crptd' appended to their original names as a new extension. Following the completion of the encryption routine, the threat will proceed to deliver a ransom note with instructions. The note-bearing file is dropped on the Desktop of the computer, under the name 'How To Restore Your Files.txt.'

Gooolag Ransomware's Demands

In the note, the hackers behind the Gooolag Ransomware infection try to scare their victims into complying with their demands via several different methods. In addition to the locked data, the cybercriminals claim to have obtained over 600GB of sensitive data. Not only that, but they will supposedly launch a DDoS (Distributed Denial-of-Service) campaign against all domains associated with the victim, alongside calling all of the company's employees, starting with the CEO.

To prevent all of this from taking place, users are expected to pay a ransom using a cryptocurrency that is not specified in the note itself. To establish contact and get additional details, users can message two provided email addresses - 'Gooolag46@protonmail.com' and 'guandong@mailfence.com.'

The full text of the note delivered by Gooolag Ransomware is:

'Hello
If you reading this message, it means your network was hacked and all of your files and data has been ENCRYPTED
More than 600 gigabytes of important information was also downloaded.
Do not change the extension on the files, it may cause damage.
Also on top of that, we start ddos of all your domains.
And calls to your entire team, starting with the CEO.
What can you do -
1) write to our emails. As soon as possible.
2) do not interfere with the police and other authorities (they can slow down our communications, after our deal we leave you the right to contact any authorities)
3) Do not invite company recovery. They can also slow down our communications and sometimes even disrupt the deal. (You can invite the recovery company when we complete the deal, and you will receive a decryptor if you want to.)
4) Keep us informed of the processes, obtaining cryptocurrency
5) Do not hold us for fools =)
Contacts for communication.
- Gooolag46@protonmail.com
- guandong@mailfence.com
.'
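A triage sketch built from the indicators described above (the '.crptd' extension, the note file name and the two contact addresses), added here as an example and not taken from the article or any vendor tool. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article above.
ENCRYPTED_EXT = ".crptd"
NOTE_NAME = "How To Restore Your Files.txt"
CONTACTS = ("gooolag46@protonmail.com", "guandong@mailfence.com")


def triage(root):
    """Walk root and report files matching the Gooolag indicators."""
    report = {"encrypted": [], "notes": [], "notes_with_contact": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif lower == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    # Notes are small; cap the read anyway.
                    text = path.open("r", errors="replace").read(65536).lower()
                except OSError:
                    continue
                if any(c in text for c in CONTACTS):
                    report["notes_with_contact"].append(path)
    return report


def original_name(path):
    """Name the file had before '.crptd' was appended."""
    return path.name[: -len(ENCRYPTED_EXT)]


def build_sample_tree():
    """Constructed sample data, not real victim files."""
    root = Path(tempfile.mkdtemp(prefix="gooolag_demo_"))
    (root / "Desktop").mkdir()
    (root / "Documents").mkdir()
    (root / "Documents" / "budget.xlsx.crptd").write_bytes(b"\x00" * 16)
    (root / "Documents" / "notes.txt").write_text("untouched")
    (root / "Desktop" / NOTE_NAME).write_text("Contacts\n- Gooolag46@protonmail.com\n")
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    print({kind: [str(p) for p in paths] for kind, paths in result.items()})
```

The list of encrypted paths, mapped through `original_name`, gives the set of files to check against backups.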