What is the GonaCry Ransomware Threat?

ransomware

The GonaCry ransomware is a malicious program that encrypts files, alters the filenames, changes the background image, and leaves behind a ransom note. Our experts uncovered it while reviewing submissions to online threat databases.

The ransomware appends a random extension to the encrypted file names, such as changing "1.jpg" to "1.jpg.h954" or "2.doc" to "2.doc.i6as".
The ransom note states that the operating system has been infected with the virus, making all files inaccessible. The hackers behind the attack offer to sell a decryption tool, which they claim will restore the encrypted files and remove the GonaCry malware.

The cost of the decryption tool is $50 and must be paid using the Monero cryptocurrency. The ransom payment must be made using the Monero wallet provided by the attackers.

The GonaCry ransom note in full

The complete contents of the GonaCry ransom note are as follows:

----> GonaCry is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $50. Payment can be made in Monero only.
How do I pay, where do I get Monero?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Monero.
Many of our customers have reported these sites to be fast and reliable:
Localmonero - hxxps://localmonero.co/

Payment informationAmount: 0.27 XMR
XMR Address: (two alphanumeric strings)

Why is it never a good idea to pay ransom money to hackers operating ransomware similar to GonaCry?

Paying ransom money to hackers operating ransomware similar to GonaCry is never a good idea for several reasons:

  • No guarantee of file restoration: There is no guarantee that the hackers will actually provide the decryption keys or software to restore your files, even if you pay the ransom. Some hackers have been known to disappear with the money without providing any decryption solution.
  • Encourages further attacks: Paying ransom money only encourages the hackers to continue their malicious activities, as it demonstrates that their tactics are effective and profitable.
  • Loss of money: Paying the ransom amount can result in a significant financial loss, especially if the hackers increase the ransom amount or if the decryption solution is not provided.
  • Loss of personal and sensitive information: When making the ransom payment, you may have to provide personal and sensitive information to the hackers, such as your email address and cryptocurrency wallet details, which could be used for further malicious activities.
  • Legal consequences: Paying ransom money may be illegal in some countries and could result in legal consequences.

How can you protect your system from ransomware attacks similar to GonaCry?

Protecting your system from ransomware attacks similar to GonaCry involves several steps. First, it is important to keep your software and operating system up-to-date with the latest patches and security updates. This can help prevent attackers from exploiting known vulnerabilities in your system.

Another important step is to regularly back up your important files and data. This can help you recover your files in the event of a ransomware attack, without having to pay the ransom or rely on the attackers for decryption. You should store your backups on a separate device, such as an external hard drive or cloud storage service, to ensure that they are not compromised during the attack.

Additionally, it is important to be cautious when opening emails and attachments from unknown sources, as these can often contain malware or other malicious files that can compromise your system. You should also avoid visiting suspicious websites, downloading files from untrusted sources, and clicking on links from unknown sources.

Finally, it is a good idea to have a robust security solution in place, such as antivirus software and a firewall, that can detect and block potential threats. This can help prevent the spread of ransomware on your system and protect your files and data from being encrypted.

February 2, 2023
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.