Go Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 11
First Seen: May 3, 2017
Last Seen: November 28, 2019
OS(es) Affected: Windows

The Go Ransomware is an encryption ransomware Trojan that was observed by PC security researchers in April 2019. The Go Ransomware carries out a typical encryption ransomware attack, taking victims' files hostage and then demanding a ransom payment. The Go Ransomware's intended victims seem to be computer users in Czech-speaking regions, although there is nothing in the Go Ransomware that prevents it from infecting computers located elsewhere. Security analysts have received reports that the Go Ransomware was hosted at the URL "nebezpecnyweb.eu/dl/m" (needless to say, do not go to this URL).

How the Go Ransomware Attack Works

Although specific information about the Go Ransomware seems not to be freely available, there is very little to differentiate it from other encryption ransomware Trojans. The Go Ransomware uses AES and RSA encryption to make the victim's files inaccessible. Files encrypted in the attack are easy to recognize because the Go Ransomware adds the file extension '.LOCKED' to every file it encrypts. Threats like the Go Ransomware depend on the victim's operating system remaining functional so that the victim can read a ransom note and pay a ransom. Because of this, these threats generally target user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Go Ransomware’s Ransom Demand

The Go Ransomware will deliver its ransom note once the victim's files have been compromised. The ransom note takes the form of an HTML file named 'precist.html' that is left in various locations on the infected computer. This ransom note is opened with the victim's default Web browser and contains a message in Czech. The note contains a countdown timer claiming that the victim has a week to pay a ransom amount of either 0.5 BTC or $250 USD, or the affected files will be lost forever.

Protecting Your Files from Threats Like the Go Ransomware

Paying the Go Ransomware ransom may not be the solution to your problem, and malware analysts strongly advise against paying the ransom amount demanded by the Go Ransomware. Unfortunately, it is not possible to restore any data that is encrypted by the Go Ransomware attack, so preventive measures should be taken now against the Go Ransomware and other encryption ransomware Trojans. The best way to ensure that your data is protected is to have backup copies of your files. Backups stored on external memory devices can be used to restore any data encrypted by threats like the Go Ransomware.

File System Details

Go Ransomware may create the following file(s):

#   File Name    MD5                               Detections
1.  msguard.exe  02be4e542a77319c28511abcfb126c4b  8
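
A triage sketch built on the indicators this page lists (the '.LOCKED' extension, the 'precist.html' ransom note and the msguard.exe MD5). It is an added example, not code from the original page; the function names, the 50 MB hashing limit and the sample directory tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

LOCKED_EXT = ".locked"  # '.LOCKED' extension named on this page, compared case-insensitively
NOTE_NAME = "precist.html"  # ransom note file name from this page
KNOWN_MD5 = frozenset({"02be4e542a77319c28511abcfb126c4b"})  # msguard.exe, from this page


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, known_md5=KNOWN_MD5, hash_limit=50 * 1024 * 1024):
    """Walk root and group file paths by the indicator they match (hypothetical helper)."""
    hits = {"encrypted": [], "notes": [], "binaries": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                hits["encrypted"].append(path)
            elif name.lower() == NOTE_NAME:
                hits["notes"].append(path)
            else:
                try:
                    # Only hash files small enough to plausibly be the dropped executable.
                    if os.path.getsize(path) <= hash_limit and md5_of(path) in known_md5:
                        hits["binaries"].append(path)
                except OSError:
                    hits["unreadable"].append(path)  # locked or permission-denied files
    return hits


def demo():
    """Run triage over a constructed directory tree (sample data, not real artifacts)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        for rel in ("Documents/report.docx.LOCKED", "Documents/precist.html", "Documents/notes.txt"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample")
        return {k: sorted(os.path.relpath(p, root) for p in v) for k, v in triage(root).items()}


if __name__ == "__main__":
    print(demo())
```

The count of '.LOCKED' files and the directories holding ransom notes give a quick estimate of how far encryption spread, which helps decide which backups need to be restored.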
