SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: mcinn on December 23, 2015, 10:20:09 am

Title: How to Restore [filename]!__.crypt Files. Gomasom Ransomware
Post by: mcinn on December 23, 2015, 10:20:09 am
A new ransomware, dubbed Gomasom by researchers, has just been detected in the wild. Gomasom has features that differentiate it from other ransomware cases we have seen recently. What makes Gomasom distinguishable is its capability to encrypt both user data files and executables. By encrypting .exe files, Gomasom affects the performance of all user applications, making them unworkable. Thanks to this capability, the ransomware becomes even more disastrous.

Added extension to encrypted files: [filename]!__.crypt; an encrypted file would look something like this: [filename].jpg!__[symbols]@gmail.com_.crypt
 
Why Gomasom? The name derives from GOogle MAil ranSOM. The ransomware operates by infecting users and then encrypting their files, dropping a Gmail address in the file’s name, hence its name.

Is decryption possible? Yes, it is. A decryptor has been released by Emsisoft; it is available here: http://emsi.at/DecryptGomasom

More information about Gomasom: http://sensorstechforum.com/remove-gomasom-ransomware-and-restore-crypt-files/
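
An added triage example, not part of the original post: it inventories files whose names follow the renaming scheme described above, so the scope of the damage (including encrypted executables) is known before the decryptor is run. The regex is an assumption built only from the single example name in the post, and the sample paths and the address inside them are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed pattern, derived from the one example in the post:
#   <original name>!__<symbols>@gmail.com_.crypt
GOMASOM_RE = re.compile(
    r"^(?P<original>.+)!__(?P<marker>[^@\\/]+@gmail\.com)_\.crypt$",
    re.IGNORECASE,
)

def parse_name(path):
    """Return details for a path that matches the scheme, else None."""
    name = PureWindowsPath(path).name
    m = GOMASOM_RE.match(name)
    if not m:
        return None
    original = m.group("original")
    return {
        "path": path,
        "original": original,                      # name before renaming
        "ext": PureWindowsPath(original).suffix.lower(),
        "marker": m.group("marker"),               # address embedded in the name
    }

def inventory(paths):
    """Summarise matching files by original extension and flag executables."""
    hits = [h for h in map(parse_name, paths) if h]
    return {
        "hits": hits,
        "by_ext": Counter(h["ext"] for h in hits),
        "executables": [h["path"] for h in hits if h["ext"] == ".exe"],
    }

# Constructed sample listing (e.g. the output of a recursive directory walk).
SAMPLE_PATHS = [
    r"C:\Users\a\Pictures\photo.jpg!__placeholder000@gmail.com_.crypt",
    r"C:\Program Files\App\app.exe!__placeholder000@gmail.com_.crypt",
    r"C:\Users\a\Documents\notes.txt",      # untouched file
    r"C:\Users\a\Documents\backup.crypt",   # .crypt, but not this scheme
]

if __name__ == "__main__":
    report = inventory(SAMPLE_PATHS)
    for hit in report["hits"]:
        print(f'{hit["path"]} -> {hit["original"]}')
    print(dict(report["by_ext"]), report["executables"])
```
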