Gopher Ransomware

A new dangerous malware threat has been released in the wild. Called Gopher Ransomware, the threat can cause severe damage to any computer system it manages to infect. By initiating an encryption routine, Gopher locks nearly all of the files stored on the infected system and renders them unusable. The threat will then extort its victims for money in exchange for the decryption software needed to restore the affected data.

When Gopher Ransomware encrypts a file, it also changes that file's original name by appending '.gopher' to it as a new extension. The ransom note is delivered in two separate forms: the threat replaces the default desktop wallpaper with a new image that displays the hackers' message, and it also generates a pop-up window with additional instructions.
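The following is an added example, not part of the original page or of any vendor tooling: a Python triage script that scopes the damage by listing files carrying the appended '.gopher' extension, recovering each original name, and summarizing affected file types and the modification-time window. The sample directory tree is constructed, and treating modification times as an approximation of when encryption ran is an assumption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".gopher"  # extension the page says is appended to encrypted files

def inventory(root):
    """Walk root and describe every file whose name ends in the appended marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue  # untouched file, or a file named only ".gopher"
            original = name[: -len(MARKER)]  # name before the append
            path = os.path.join(dirpath, name)
            hits.append({
                "path": path,
                "original_name": original,
                "original_ext": os.path.splitext(original)[1].lower() or "(none)",
                "mtime": os.stat(path).st_mtime,  # assumption: approximates encryption time
            })
    return hits

def summarize(hits):
    """Counts per original file type plus the first/last modification time (UTC)."""
    if not hits:
        return {"total": 0, "by_ext": {}, "first": None, "last": None}
    times = [h["mtime"] for h in hits]
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {
        "total": len(hits),
        "by_ext": dict(Counter(h["original_ext"] for h in hits)),
        "first": iso(min(times)),
        "last": iso(max(times)),
    }

def build_sample_tree(root):
    """Constructed sample data: three renamed files and one untouched file."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.gopher", "docs/budget.xlsx.gopher",
                "photo.jpg.gopher", "notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory(tmp)))
```

Run against a mounted copy or backup snapshot rather than the live system, so the inventory can be compared with the last clean backup before any restore.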

According to the message from the desktop background image, the cybercriminals responsible for creating Gopher Ransomware want to receive a ransom of $400 payable in Bitcoin. After getting the money, the hackers promise to send the decryption key to their victims. At the current exchange rate of the Bitcoin cryptocurrency, the sum of $400 is equal to approximately 0.0072 BTC.

After sending the money to the cryptowallet address found in the note, affected users are supposed to establish communication by messaging the 'manager@outlookpro.net' email address. To further push the victims into following their demands, the hackers threaten to leak information they have stolen from the compromised computer system to the public. The message displayed in the pop-up window contains the instructions on how to restore the files after receiving the decryption key.

Negotiating with people responsible for spreading malware threats such as Gopher Ransomware is never a good idea. Users may be exposed to further security risks while having no guarantees that the hackers will honor their end of the deal.

The ransom message from the Gopher Ransomware's wallpaper image is:

Your important files have been encrypted!
Most of your files are no longer accessible or
usable due to them being encrypted
You can only recover your files with our decryption service.
To decrypt Your files send $ 400 usd in BITCOIN to

Address: 3MwjrWZaDyPY1eybS8dZrweEhQVwVCv1ye

Visit hxxps://buy.bitcoin.com/ Register Buy Bitcoins Send $400
After payment contact manager@outlookpro.net
for the decryption KEY before YOUR DATA IS LEAKED ONLINE,
FBI YOU WILL END UP IN JAIL
THE EARLIER THE BETTER
YOU KNOW YOUR ACTIVITIES ARE PUNISHABLE BY LAW

The instructions displayed in the pop-up window are:

You have been infected by the Bad Gopher virus. All your files have been encrypted
BAD GOPHER has already been activated. No decryption key was provided.
To decrypt your files, pay for your decryption key and drag the decryption file onto the "Restore Your Files.exe" file on your desktop.

Alternatively, drag the decryption file onto the text here and press enter.

Path to the decryption key:
