During our analysis of malware samples submitted to VirusTotal, we came across Goaq, a ransomware belonging to the Djvu family. Goaq appends the ".goaq" extension to the filenames of encrypted files. As an example, Goaq renames "1.jpg" to "1.jpg.goaq" and "2.png" to "2.png.goaq". It also creates a text file called "_readme.txt" that contains a ransom note. It's worth noting that Goaq may be distributed alongside information stealers such as Vidar and RedLine, since it belongs to the Djvu family.

(Screenshot of files encrypted by Goaq ransomware.)

According to the ransom note, victims are required to pay for decryption software and a unique key to regain access to their files. If they contact the threat actors within 72 hours, they can purchase decryption tools for $490. Otherwise, they must pay the full amount of $980. The ransom note states that a single file, which does not contain any important data, can be sent to the attackers before payment. The ransom note includes two email addresses.

Usually, victims are coerced into paying a ransom to access their encrypted files. Free data recovery is unlikely unless victims have a copy of their files or access to a reliable third-party decryption tool. It is not advisable to pay a ransom since it does not guarantee that the threat actors will provide a decryption tool. Ransomware has the potential to encrypt a large number of files on a computer and even over a local network, thereby affecting files stored on connected computers.
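To scope the damage on a host or file share, the two indicators described above (the ".goaq" suffix and the "_readme.txt" note) can be swept for per directory. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

ENCRYPTED_SUFFIX = ".goaq"   # extension reported in the article
RANSOM_NOTE = "_readme.txt"  # ransom note filename reported in the article


def triage(root):
    """Walk root and record, per directory, renamed files and note presence."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "intact": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            entry = report[dirpath]
            if name.lower() == RANSOM_NOTE:
                # Generic filename: a note alone is a lead, not proof.
                entry["note"] = True
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # "1.jpg.goaq" -> original name "1.jpg", useful for backup matching
                entry["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
            else:
                entry["intact"] += 1
    return dict(report)


def affected_dirs(report):
    """Directories showing either indicator, sorted for stable output."""
    return sorted(d for d, e in report.items() if e["encrypted"] or e["note"])


def build_sample_tree(base):
    """Constructed sample data: one affected directory, one clean directory."""
    hit, clean = Path(base, "photos"), Path(base, "docs")
    hit.mkdir()
    clean.mkdir()
    for name in ("1.jpg.goaq", "2.png.goaq", RANSOM_NOTE):
        (hit / name).write_bytes(b"constructed sample")
    (clean / "notes.txt").write_bytes(b"constructed sample")
    return str(hit), str(clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for d in affected_dirs(result):
            e = result[d]
            print(d, "note" if e["note"] else "no note", sorted(e["encrypted"]))
```

The recovered original names can be compared against a backup catalogue to see which files are restorable, and the "intact" count shows whether a directory was only partly processed.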