mcinn

How to Restore [filename]!__.crypt Files. Gomasom Ransomware
« on: December 23, 2015, 10:20:09 am »
A new ransomware, dubbed Gomasom by researchers, has just been detected in the wild. Gomasom has features that differentiate it from other ransomware cases we have seen recently. What makes Gomasom distinguishable is its capability to encrypt both user data files and executables. By encrypting .exe files, Gomasom affects the performance of all user applications, making them unworkable. Thanks to this capability, the ransomware becomes even more disastrous.

Extension added to encrypted files: [filename]!__.crypt; an encrypted file would look something like this: [filename].jpg!__[symbols]@gmail.com_.crypt
 
Why Gomasom? The name derives from GOogle MAil ranSOM. The ransomware operates by infecting users and then encrypting their files, dropping a Gmail address in the file’s name, hence its name.

Is decryption possible? Yes, it is. A decryptor has been released by Emsisoft; it is available here: http://emsi.at/DecryptGomasom

More information about Gomasom: http://sensorstechforum.com/remove-gomasom-ransomware-and-restore-crypt-files/
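
Added example, not part of the original post: a triage script that walks a directory, recognises the file-name pattern quoted above, and recovers each original name and the embedded address so the affected files can be inventoried before running a decryptor. The sample names are constructed, and the assumption that `[symbols]` contains no `@` or whitespace is mine.

```python
import os
import re
import tempfile
from collections import Counter

# Pattern from the post: <original name>!__<symbols>@gmail.com_.crypt
# The greedy "orig" group makes the *last* "!__" the marker, so an original
# name that itself contains "!__" is still split correctly.
# Assumption: <symbols> holds no "@", whitespace or path separators.
GOMASOM_NAME = re.compile(
    r"^(?P<orig>.+)!__(?P<addr>[^@\s/\\]+@gmail\.com)_\.crypt$", re.IGNORECASE
)

def parse_name(filename):
    """Return (original_name, contact_address), or None if the name does not match."""
    m = GOMASOM_NAME.match(filename)
    return (m.group("orig"), m.group("addr")) if m else None

def inventory(root):
    """Walk root; return affected files and a count per original extension."""
    hits, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed is None:
                continue  # unrelated file, including other *.crypt names
            orig, addr = parsed
            ext = os.path.splitext(orig)[1].lower() or "(none)"
            by_ext[ext] += 1
            hits.append({"path": os.path.join(dirpath, name),
                         "original": orig, "address": addr})
    return hits, by_ext

def demo():
    """Run the inventory over constructed sample names in a temp directory."""
    names = [
        "photo.jpg!__example123@gmail.com_.crypt",        # constructed
        "setup.exe!__example123@gmail.com_.crypt",        # constructed executable
        "odd!__name.docx!__example123@gmail.com_.crypt",  # marker inside the name
        "notes.txt",                                      # untouched file
        "backup.crypt",                                   # .crypt, other pattern
    ]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        hits, by_ext = inventory(root)
    return sorted(h["original"] for h in hits), dict(by_ext)

if __name__ == "__main__":
    print(demo())
```

The script only reads file names; it does not modify or decrypt anything.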