GOGO Ransomware is a New VoidCrypt Offshoot That Encrypts Data


GOGO is a ransomware-type program that belongs to the VoidCrypt ransomware family. It encrypts files and appends them with a unique ID, the cyber criminals' email address, and a ".GOGO" extension. A file originally named "1.jpg" would become "1.jpg.(CW-IB5967382104)(gotocompute@tutanota.com).GOGO".

After encryption, GOGO drops a ransom-demanding message titled "unlock-info.txt" onto the desktop of the victim's computer. The note states that the only way to recover the data is by purchasing decryption tools from the attackers in Bitcoin cryptocurrency. Victims can test decryption on one file for free before paying any money.

The ransom note also warns against taking any actions that could render the data undecryptable or result in increased financial loss for victims. The size of the ransom payment will depend on how quickly contact is established with cyber criminals.

GOGO ransomware is an insidious threat that can cause serious damage to individuals and businesses alike. It is important to be aware of the risks associated with ransomware and to take steps to protect your data from malicious actors. This includes regularly backing up important files, using strong passwords, and keeping your software up-to-date.

The GOGO ransomware full ransom note

The full text of the ransom note used by the GOGO ransomware reads as follows:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail; gotocompute@tutanota.com
Write this ID in the title of your message : -
In case of no answer in 24 hours write us to theese e-mails: gotoremote@onionmail.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Why you should not pay ransomware operators

Paying ransomware hackers is never a good idea. Not only does it encourage them to continue their malicious activities, but there is no guarantee that they will actually provide the decryption tools they promise. In many cases, victims who pay the ransom do not receive any decryption tools or support from the attackers, leaving them with no way to recover their data. Furthermore, paying the ransom does not guarantee that your data won’t be leaked or sold on the dark web.

Additionally, paying ransomware hackers can be financially devastating for individuals and businesses alike. The cost of a ransom can range from hundreds to thousands of dollars, depending on how quickly contact is established with cyber criminals. This money could be better spent on other security measures such as backing up important files and updating software regularly.

In short, paying ransomware hackers should always be avoided if possible. It is far better to take proactive steps to protect your data from malicious actors than it is to try and pay off attackers after they have already encrypted your files.

January 17, 2023