
Gorgon Ransomware

By GoldSparrow in Ransomware

The Gorgon Ransomware is an encryption ransomware Trojan that was first observed on January 27, 2019. The Gorgon Ransomware carries out a typical encryption ransomware attack, taking the victims' files hostage and then demanding a ransom payment. It is critical that computer users take precautions against the Gorgon Ransomware and similar threats to keep their data safe from infection.

The Gorgon that is After Files

The Gorgon Ransomware arrives on a victim's computer through corrupted spam email attachments, which often take the form of Microsoft Word documents with embedded macro scripts that download and install the Gorgon Ransomware onto the victim's computer. The Gorgon Ransomware uses AES encryption to make the victim's files inaccessible. It targets user-generated files, which may include numerous media files, documents, databases, configuration files and others. Some examples of the user-generated files that threats like the Gorgon Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Gorgon Ransomware attack marks the affected files with the addition of the string '.[]' to each affected file's name.

The Gorgon Ransomware’s Ransom Demands

The Gorgon Ransomware demands a ransom payment. To deliver this demand, the Gorgon Ransomware displays a program window that is named 'Gorgon.' The victim's desktop image is also changed into a ransom message. Both ransom notes contain the following message:

'Gorgon Ransomware
All your important files have been encrypted!
If you want to decrypt your files
Please read the '#DECRYPT MY FILES#.html'

The victims are told to pay a ransom of 0.3 BTC (approximately 1,000 USD at the current exchange rate) if they want to have their data back. Computer users are advised to avoid contacting the criminals responsible for the Gorgon Ransomware attack or following the instructions in the Gorgon Ransomware's ransom demand.

Protecting Your Data from Threats Like the Gorgon Ransomware

Unfortunately, once the Gorgon Ransomware has compromised the files, they can no longer be recovered without the decryption key. Therefore, the best measure against threats like the Gorgon Ransomware is to take preventive actions. The best preventive action is to have backup copies of all your files. These backups should be stored in the cloud or on an external memory device. Having the capability to restore any affected file from a backup copy removes the criminals' leverage. Apart from having file backups, a reliable security program should be installed and running, so that it can intercept the Gorgon Ransomware before it carries out its attack.
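To scope an incident and plan a restore from backup, the two on-disk artifacts described above (the appended marker string and the '#DECRYPT MY FILES#.html' note) can be searched for directly. The following is an added example, not code from the original article; the function names and the sample tree are constructed for illustration, and the marker is used exactly as this page prints it, so pass a different `marker` value if the files you are examining carry a different suffix.

```python
import os
from collections import Counter

NOTE_NAME = "#DECRYPT MY FILES#.html"  # note file named in the ransom message
MARKER = ".[]"                         # appended string exactly as this page prints it


def scan(root, marker=MARKER, note_name=NOTE_NAME):
    """Return ransom notes, marked files and per-directory counts under root."""
    notes, marked, by_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == note_name.lower():
                notes.append(path)
            elif name.endswith(marker) and len(name) > len(marker):
                original = name[: -len(marker)]  # name to look for in the backup
                marked.append((path, original))
                by_dir[dirpath] += 1
    return {"notes": sorted(notes), "marked": sorted(marked), "by_dir": by_dir}


def restore_plan(result, backup_root, scan_root):
    """Pair each marked file with the backup copy it would be restored from."""
    plan = []
    for path, original in result["marked"]:
        rel_dir = os.path.relpath(os.path.dirname(path), scan_root)
        candidate = os.path.normpath(os.path.join(backup_root, rel_dir, original))
        plan.append((path, candidate, os.path.isfile(candidate)))
    return plan


if __name__ == "__main__":
    import tempfile
    # Constructed sample tree (not real indicators): one marked file, one note.
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for d in (live, backup):
            os.makedirs(os.path.join(d, "docs"))
        for p in (os.path.join(live, "docs", "report.docx" + MARKER),
                  os.path.join(live, NOTE_NAME),
                  os.path.join(backup, "docs", "report.docx")):
            open(p, "w").close()
        found = scan(live)
        print(len(found["notes"]), "note(s),", len(found["marked"]), "marked file(s)")
        for path, source, ok in restore_plan(found, backup, live):
            print("RESTORE" if ok else "MISSING", source, "->", path)
```

Files reported as MISSING have no counterpart in the backup set and show where backup coverage needs to be extended.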

