14 DAY TRIAL // Users who had the misfortune of getting infected with the Gomasom ransomware can now start sending Christmas gifts to Fabian Wosar, security researcher at Emsisoft, who has managed to create a tool for decrypting files locked by this ransomware.
Compared to other ransomware families, Gomasom is a relatively new face on the malware market, having reared its ugly head only in the last few weeks.
Gomasom, named after "GOogle MAil ranSOM," works by infecting users and then encrypting files, leaving a Gmail address in each file's name, and adding the .crypt file extension at the end.
Mr. Wosar created a tool that users can take advantage of to analyze encrypted files and obtain the decryption key. Once the decryption key is in the user's possession, they can use the same tool to decrypt all their files.
The best decryption results are achieved when the user has access to a file, in both its ransomware-encrypted and original version. If not, then don't worry, because users can take a PNG file encrypted with the ransomware, and compare it to a random PNG file from the Internet. Results may vary for this method, though, and if you have GBs of encrypted data, the decryption process may take some time, even more than a day.
The Gomasom decryption tool is available from Emsisoft's website, and usage instructions can be found on a Bleeping Computer forum thread.
