GoTiS Ransomware Based on Xorist


Our research team detected the GoTiS ransomware during a routine examination of new file submissions. This malicious software belongs to the Xorist ransomware family; it encrypts data and demands a ransom for decryption.

In our testing environment, GoTiS encrypted files and appended a ".GoTiS" extension to their filenames. For instance, a file named "1.jpg" became "1.jpg.GoTiS", "2.png" became "2.png.GoTiS", and so forth.

After completing the encryption process, GoTiS presented identical ransom notes on the desktop wallpaper, in a pop-up window, and in a text file named "HOW TO DECRYPT FILES.txt". The ransom note tells the victim that their files are encrypted and that the decryption key and software can be obtained for 0.04 BTC (Bitcoin cryptocurrency). At the time of writing, this ransom is worth approximately 1400 USD, though exchange rates fluctuate constantly. After transferring the Bitcoins, the victim is directed to contact the attackers.

GoTiS Ransom Note Demands 0.04 BTC

The full text of the GoTiS ransom note reads as follows:

Hello,

All your files have been encrypted.
To decrypt them, you must make a payment of 0.04 bitcoins.

Ensure that you send the 0.04 bitcoins to the following address:
(alphanumeric string)

If you don't own bitcoin, you can easily purchase it from the following sites:

www.coinmama.com
www.bitpanda.com
www.localbitcoins.com
www.paxful.com

For a more extensive list, please visit:
hxxps://bitcoin.org/en/exchanges

Once the bitcoin has been sent, contact me at either of these email addresses:
gotis1@skiff.com
gotis@onionmail.org
Use this subject: GOTIS004-ID-PCIS05301004
For a good communication experience,
kindly create an account on skiff.com and get in touch with us.

After the payment is confirmed, you will receive the decryptor and decryption keys.
Additionally, you will be provided with information on how to safeguard against future ransomware attacks, including details about the security vulnerability through which we gained access.
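
The indicators given in this report (the appended ".GoTiS" extension, the note file name and the contact addresses inside the note) are enough for a quick triage sweep of a disk or file share. The following Python script is an added example, not part of the original analysis; its function names and the sample directory tree are constructed for illustration, and the case-insensitive matching is a precaution rather than observed behaviour.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from this report, lower-cased for case-insensitive matching.
SUFFIX = ".gotis"
NOTE_NAME = "how to decrypt files.txt"
NOTE_MARKERS = (b"gotis1@skiff.com", b"gotis@onionmail.org")

def note_matches(path, limit=65536):
    """True if the file contains one of the contact addresses from the note."""
    try:
        with open(path, "rb") as fh:
            # Dropping NUL bytes lets the ASCII markers match UTF-16 text too.
            data = fh.read(limit).replace(b"\x00", b"").lower()
    except OSError:
        return False
    return any(marker in data for marker in NOTE_MARKERS)

def scan_tree(root):
    """Map each affected directory to its encrypted files and confirmed notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hit = {"encrypted": [], "notes": []}
        for name in sorted(files):
            if name.lower().endswith(SUFFIX) and len(name) > len(SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                hit["encrypted"].append((name, name[:-len(SUFFIX)]))
            elif name.lower() == NOTE_NAME and note_matches(os.path.join(dirpath, name)):
                hit["notes"].append(name)
        if hit["encrypted"] or hit["notes"]:
            report[os.path.relpath(dirpath, root)] = hit
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    samples = {
        "docs/1.jpg.GoTiS": b"\x00" * 16,
        "docs/HOW TO DECRYPT FILES.txt": "contact gotis@onionmail.org".encode("utf-16"),
        "clean/HOW TO DECRYPT FILES.txt": b"unrelated help file",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

The per-directory report pairs each encrypted file with its original name, which helps scope which backups need to be restored.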

How Can You Protect Your Data from Ransomware Attacks?

Protecting your data from ransomware attacks requires a combination of proactive measures and best practices. Here are some essential steps to help safeguard your data:

Regular Backups:
Regularly back up your important data. Automated and frequent backups ensure that you have recent, uncorrupted copies of your files.
Store backups in a location that is not directly accessible from your computer or network. Cloud storage or offline backups are recommended.

Update Software:
Keep your operating system, antivirus software, and all applications up-to-date. Regularly applying security patches helps protect against known vulnerabilities.

Security Software:
Install reputable antivirus and anti-malware software. Ensure that it provides real-time protection and regularly update its virus definitions.

Email Security:
Use email filtering solutions to block or quarantine suspicious emails. These solutions can help identify and prevent phishing emails that may carry ransomware.

November 13, 2023