Gopher Ransomware (.gopher)

  • Distribution Method : Unknown
 
  • MD5 : 89ff23c08eb252e771150b5c5b345ba1
 
  • Major Detection Name : Behavior_Ransom/Win32.BADGOPHER.C4372505 (AhnLab V3), Ransom-Gopher!89FF23C08EB2 (McAfee)
 
  • Encrypted File Pattern : .gopher
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\Desktop\BAD_GOPHER.txt
     - C:\Users\%UserName%\Desktop\Restore Your Files.exe
     - C:\Users\%UserName%\BAD_GOPHER.txt
     - C:\Users\%UserName%\BAD_GOPHER_USER_WALLPAPER.jpg
 
  • Payment Instruction File : Restore Your Files.exe
 
  • Major Characteristics :
     - Offline Encryption
     - Disables system restore (wmic shadowcopy delete, vssadmin delete shadows /All /Quiet)
     - Plays an encryption guide using the Text-to-Speech (TTS) function
     - Changes the desktop background (C:\Users\%UserName%\BAD_GOPHER.jpg)
