Gomasom Ransomware
Posted: December 22, 2015
Threat Level: | 8/10 |
---|---|
Infected PCs: | 28 |
First Seen: | December 22, 2015 |
Last Seen: | July 22, 2021 |
OS(es) Affected: | Windows |
The Gomasom Ransomware is a file encryptor that scans your hard drive for files and encrypts them with a data-scrambling algorithm, leaving them unreadable by their associated programs. As one would assume from its name, the Gomasom Ransomware initiates these attacks in the hope of forcing its victims to pay a ransom fee, but malware researchers recommend using free means of recovering any lost files. However, before any data recovery begins, you should remove the Gomasom Ransomware, like all threatening software, with the anti-malware scanner of your preferred brand.
The Time to Turn Away from Google Mail
The Gomasom Ransomware takes its name from its use of Gmail as its ransom communication platform of choice. This choice is more than superficial: the Gomasom Ransomware inserts its admin's e-mail address into the name of every file it attacks. Besides the included e-mail address, the Gomasom Ransomware also appends the '.CRYPT' extension, although, as with similar threats, this supposed file format change is purely cosmetic.
The Gomasom Ransomware conceals its primary files within a 'Microsoft Help' directory and sets its launch for your next Windows login. After being launched, the Gomasom Ransomware scans for files of various types, including executables (.EXE files), and encrypts them. The associated files can no longer open until they run through a similar decryption process, which requires a key specific to the Gomasom Ransomware infection.
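The naming pattern described above (an e-mail address inside the file name plus a '.CRYPT' extension) can be used to measure how far an infection has reached on a drive. The following is an added example, not code from this page or from any vendor's tool; the exact layout of the renamed files is not given here, so the regular expression is a heuristic assumption and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Heuristic: an e-mail-like token somewhere in the file name. The local part
# excludes '.' and '_' so the original file name is not swallowed into it
# (assumption: the page does not give the exact naming layout).
EMAIL_RE = re.compile(r"[A-Za-z0-9+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def embedded_address(filename):
    """Return the e-mail-like token if the name ends in .crypt (any case)
    and carries an address, else None."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() != ".crypt":
        return None
    match = EMAIL_RE.search(stem)
    return match.group(0).lower() if match else None

def scan(root, min_hits=3):
    """Walk root and group matching files by embedded address. Addresses seen
    on fewer than min_hits files are dropped to limit false positives."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            addr = embedded_address(name)
            if addr:
                hits[addr].append(os.path.join(dirpath, name))
    return {a: sorted(p) for a, p in hits.items() if len(p) >= min_hits}

def demo():
    """Build a throwaway tree with constructed file names and scan it."""
    names = [
        "report.docx_attacker@example.com_.CRYPT",  # constructed sample
        "photo.jpg_attacker@example.com_.crypt",    # constructed sample
        "setup.exe_attacker@example.com_.Crypt",    # constructed sample
        "notes.txt",                                 # untouched file
        "archive.crypt",                             # .crypt but no address
        "mail_to_bob@example.org.txt",               # address but not .crypt
    ]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for i, name in enumerate(names):
            open(os.path.join(root, "docs" if i % 2 else "", name), "w").close()
        found = scan(root)
        return {a: [os.path.basename(p) for p in ps] for a, ps in found.items()}

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against a mounted copy or backup of the affected volume rather than the live system; the resulting list also identifies which files to feed to a decryptor once the malware is removed.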
PC users are expected to contact the e-mail address seen in their files and pay the threat author for restoring their files. Such a solution runs into the usual obstacles that malware experts warn of: that the associated third party has no impetus to honor his word, and that many file encryptors like the Gomasom Ransomware possess flaws that make file recovery infeasible in the first place.
Fortunately, current versions of the Gomasom Ransomware use a decryption method similar to that of earlier file encryption Trojans, which has led third parties in the security industry to develop free decryptors already. These tools may require significant time to brute force the decryption key from a sample file. However, once the key is acquired, it can be used for restoring all files affected in a given attack.
Taking Your PC Back from a File Kidnapper
By not bothering to use a stronger decryption method or load a specific ransom message for its victims, the Gomasom Ransomware shows off the standard operating procedure of many of the simpler, less professional file encryptors of 2015. However, even a simplistically coded Trojan may be threatening to your files and the overall security of your computer. Because the Gomasom Ransomware's distribution methods are unknown, malware experts can only warn about previous, common exploits, including e-mail spam, threatening browser scripts, illegal file downloads and obfuscated Web links.
The Gomasom Ransomware's similarity to other file encryptors may mean that the Gomasom Ransomware is the product of a general ransomware development kit. This possibility makes it likely that similar file encryptors may be seen in distribution by different sources soon. Whether you need to remove the Gomasom Ransomware or a similar threat using slightly different tactics, you always should resort to using dependable anti-malware programs.
Common-sense backup strategies, such as using cloud server backups, also continue to be effective against the encryption attacks used by the Gomasom Ransomware and other Trojans of the same type.