
GameOver Ransomware

Posted: July 19, 2018

The GameOver Ransomware is a file-locking Trojan (unrelated to the variant of the Keylogger Zeus spyware that shares the name 'Gameover') that encrypts media in order to sell the data-restoring decryptor. Users should seek help from members of the cyber-security industry for decryption, if it's required, or use any intact backups for restoring their media. Anti-malware programs also can protect your PC's files by removing the GameOver Ransomware automatically and should detect this Trojan before its attacks commence.

Another Threat Takes a Turn at Telling You that It's 'Game Over'

The name Gameover has a long, traditional association with the Keylogger Zeus, the especially notorious financial spyware. Years later, however, malware researchers see this name attached to a new and independent threat: a file-locking Trojan whose attacks have less in common with Gameover's features than they do with those of Hidden Tear or the Jigsaw Ransomware. The GameOver Ransomware is in development, but most of the code it requires for locking data is complete.

The GameOver Ransomware's encryption routine uses placeholder data instead of an actual algorithm, such as AES, XOR, or RSA, for 'locking' the different files of its victims. Malware researchers confirm that its filter list is working, however, which indicates that the Trojan targets dozens of media formats, including MOV movies, MP4 audio, ZIP archives, PPT PowerPoint presentations, DOCX documents and other, specialized data types. There are no symptoms associated with the file-locking function besides the '.gameover' extension that the Trojan appends afterward (such as 'picture.gif.gameover').
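
The following Python script, added here as an illustration and not taken from the original article or any vendor tool, scans a directory tree for files carrying the appended '.gameover' extension and tallies them by original file type, which helps scope what needs restoring from backup. The function names and the sample file names are assumptions constructed for this example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".gameover"  # extension the article says the Trojan appends


def find_locked_files(root):
    """Return sorted (locked_path, original_name) pairs found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare case-insensitively, since Windows file names ignore case.
            # A file named exactly '.gameover' has no original name: skip it.
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                original = name[: -len(MARKER)]
                hits.append((Path(dirpath) / name, original))
    return sorted(hits)


def summarize(hits):
    """Count affected files by their original extension (e.g. '.gif')."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in hits)


def build_sample_tree(root):
    """Constructed sample data: renamed files beside untouched ones."""
    names = ["picture.gif.gameover", "Report.DOCX.GAMEOVER",
             "clip.mov.gameover", "notes.txt", "gameover.txt", ".gameover"]
    for n in names:
        p = Path(root) / "docs" / n
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_locked_files(tmp)
        for path, original in hits:
            print(f"{path} (was {original})")
        print(dict(summarize(hits)))
```
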

The Trojan uses a screen-locking variant of a ransoming message: a borderless pop-up window that removes any access to the Windows UI while it shows its English ransoming demands. While the GameOver Ransomware also warns that it can cause additional damage to the Windows operating system, malware experts have been unable to find any features towards this end in the Trojan's most-current build.

Refusing to Play the Games that You Can't Win

Any real attacks from GameOver Ransomware infections are likely to include functions for denying the user's access to their local backups, most typically the Windows Shadow Copies. Because its encryption method is entirely theoretical, for now, malware experts can offer no evidence on whether or not any files that the GameOver Ransomware locks are retrievable by decrypting them directly. Saving your backups in non-localized and secure locations can give your media a recovery solution that isn't dependent on breaking the GameOver Ransomware's cipher.

The GameOver Ransomware is a Windows program with an executable of just over one hundred kilobytes and may distribute itself over e-mail attachments, torrent-based downloads, or unsafe websites. Brute-force attacks also are commonplace against business sector systems with improper login practices that facilitate the cracking of their passwords. However, the GameOver Ransomware has little protection from any conventional, threat-detecting software, and most anti-malware programs should recognize and delete the GameOver Ransomware.

It's fortunate for malware experts that the GameOver Ransomware is identifiable as a new threat before its campaign begins in earnest. A half-built, file-locking Trojan can take no more than minutes to finish, and any readers should be grateful for the forewarning.
