GOTCHA Ransomware

By GoldSparrow in Ransomware

The GOTCHA Ransomware Trojan is a particularly sophisticated ransomware threat that has been used to compromise the victims' data. The GOTCHA Ransomware, like most encryption ransomware Trojans, is designed to take the victim's files captive, encrypting them with a powerful encryption algorithm, and then demanding that the victim pay a large ransom for the return of the compromised data. Computer users need to take steps to protect their data from threats like the GOTCHA Ransomware, including the use of file backups and a security scanner that is fully up-to-date.

How You Can Be Infected with the GOTCHA Ransomware

The GOTCHA Ransomware Trojan can be distributed in a wide variety of ways, which may include other malware and social engineering tactics. The most common way of infecting a computer with the GOTCHA Ransomware is through corrupted spam emails, which use embedded macro scripts to download and install the GOTCHA Ransomware onto the targeted computer. Once the victim's PC has been compromised, the GOTCHA Ransomware uses AES and RSA encryption to make the victim's files inaccessible. The GOTCHA Ransomware marks the files encrypted by its attack with the file extension '.gotcha,' which is added to the end of each affected file's name. The GOTCHA Ransomware targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After encrypting the victim's files, the GOTCHA Ransomware delivers a ransom note in the form of a text file named '!Gotcha!.txt,' which alerts the victim to the attack and demands a ransom payment. For the ransom, the victims are asked to contact the criminals via a provided email address and pay a 'small fee,' which generally amounts to several hundred or thousand US dollars and is paid in Bitcoin.

Dealing with a GOTCHA Ransomware Attack

Computer users are advised to avoid paying the GOTCHA Ransomware ransom or contacting the criminals responsible for this attack. Doing so only allows the criminals to continue financing these attacks and increases the likelihood that you will become a victim of additional tactics and malware infections. Also, it is very unlikely that the criminals will keep their word and restore the affected data. The best protection against threats like the GOTCHA Ransomware is to have file backups. Backups allow the victims of a GOTCHA Ransomware attack to restore their data and take away the criminals' leverage to make ransom demands.
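
A triage example for the indicators named in this article, added here and not part of the original write-up: it walks a directory tree for files carrying the '.gotcha' suffix and the '!Gotcha!.txt' note, then checks which original files exist in a backup copy. The function names, the constructed sample tree and the assumption that the backup mirrors the live directory layout are illustrative.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".gotcha"   # extension the article says is appended to encrypted files
RANSOM_NOTE = "!Gotcha!.txt"   # ransom note file name given in the article

def triage(root, backup_root=None):
    """Walk root; list ransom notes and encrypted files, and report which
    originals exist under backup_root (assumed to mirror root's layout)."""
    root = Path(root)
    report = {"notes": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            lowered = name.lower()
            if lowered == RANSOM_NOTE.lower():
                report["notes"].append(rel.as_posix())
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Strip the appended suffix to recover the original file name.
                original = rel.with_name(name[:-len(ENCRYPTED_SUFFIX)])
                has_backup = (backup_root is not None
                              and (Path(backup_root) / original).is_file())
                key = "restorable" if has_backup else "no_backup"
                report[key].append(original.as_posix())
    for key in report:
        report[key].sort()
    return report

def build_sample(tmp):
    """Constructed sample tree of harmless placeholder files (not malware output)."""
    live, backup = Path(tmp) / "live", Path(tmp) / "backup"
    for rel in ["docs/report.docx.gotcha", "docs/!Gotcha!.txt",
                "pics/photo.jpg.gotcha", "pics/untouched.png"]:
        path = live / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"placeholder")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "report.docx").write_bytes(b"clean copy")
    return live, backup

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        return triage(live, backup)

if __name__ == "__main__":
    for section, items in demo().items():
        print(f"{section}: {items}")
```

The 'no_backup' list is the data actually at risk, so it is the figure to review when deciding what a backup schedule needs to cover.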
