GoCryptoLocker Ransomware
The GoCryptoLocker Ransomware is a file-locking Trojan that can encrypt files on your PC according to their formats and size. Some versions of this threat include a hard-coded password, although users still should have backups for preserving any valuable work. Updated anti-malware products also may protect your PC by flagging this threat during the download attempt or uninstalling the GoCryptoLocker Ransomware automatically.
Possible Costly Problems Coming from Totally Free Software
GitHub is close to being a cornucopia full of software, whether the Web surfers perusing it are doing so for legal or mischievous purposes. The WellMess RAT campaign, the EvilEgg backdoor Trojan, and other threats with various payloads and motivations turn the free programming knowledge on that hosting site into attacks against innocent PC users actively. The GoCryptoLocker Ransomware is one of the newer cases available to malware experts, with a threat actor testing out its suitability for ransoming files.
The GoCryptoLocker Ransomware targets Windows systems with an AES and RSA encryption routine, similarly to any stereotypical RaaS. However, the formats it blocks with this encryption are arbitrary, and threat actors may choose between data types like documents, pictures, or even program executable at will. The GoCryptoLocker Ransomware also includes a filesize cap that would prevent it from taking too long with excessively-large data during its attack.
By default, the Trojan appends 'GEnc' extensions onto files without removing the default extensions (so, for instance, 'picture.jpg' becomes 'picture.jpg.GEnc'), although threat actors may modify this behavior. More interestingly, malware researchers confirm the GoCryptoLocker Ransomware's omitting the standard ransoming message via text or a Web page. Instead, the GoCryptoLocker Ransomware generates pop-ups, complete with a password option. The samples available on general-purpose threat databases also imply that a threat actor is preparing a variant of the Trojan for a 'real' campaign and the extortion that comes with it.
Taking the 'Go' Out of a Prepping Trojan
The GoCryptoLocker Ransomware is for Windows only currently. However, its programming language of choice is Go or Golang, which makes for likely compatibility with other OSes. Malware researchers haven't caught samples active in the wild or noted any live attacks, but recommend treating this file-locker Trojan as being potentially active soon. Infection vectors like e-mail attachments, updates from unofficial sites, and torrents should receive careful handling from Web surfers on PCs with any critical media.
The password for the unmodified version is 'qwerty123,' although readers may anticipate changes to it in any future campaigns. Since passwords are easily changeable, users can better protect their documents, pictures, and other work through backups that provide recovery, whether or not the GoCryptoLocker Ransomware offers a decryptor. For optimal safety, there always should be one or more backups on a second device, and preferably, one that's detached or password-protected.
A trustworthy anti-malware product should delete the GoCryptoLocker Ransomware accurately as a threat. Preferably, most users will have active security services at the time of infection for intercepting the Trojan before encryption occurs.
Picking one 'freeware' Trojan out of the Web is like choosing one grain of sand on the beach. Since someone finds the GoCryptoLocker Ransomware worthy of picking up, it's also worth some caution to any readers still unaware of the dangers of encryption.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.