McAfee – Threat Advisory for Ransom-Goga
McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent malware. This Threat Advisory contains behavioral information, characteristics, and symptoms that may be used to mitigate or discover this threat, and suggestions for mitigation in addition to the coverage provided by the DATs.
Ransom-Goga is a detection for a family of ransomware that on execution encrypts certain file types present in the user’s system. The compromised user has to pay the attacker a ransom to get the files decrypted. Although traditionally ransomware has been known to be distributed via Exploit Kits (EK) and malicious email campaigns, Ransom-Goga is suspected to be distributed via targeted attacks. Attackers may already have access to an organization’s network via prior successful hacking or infection attempts.
Infection and Propagation Vectors
- Currently the infection vector of Ransom-Goga is unknown.
- Most ransomware campaigns typically spread via Exploit Kits and malspam campaigns instrumented via various botnets. However, Ransom-Goga is suspected to be distributed using highly targeted attacks such as brute forcing of RDP connections on unprotected systems in an organization’s network.
- Once the attackers have access to the organization’s network, Ransom-Goga may be deployed to business-critical systems to cause maximum disruption of services and in turn warrant a considerable ransom.
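A detection check for the suspected RDP brute-force vector described above, as an added example that is not part of the original advisory: it flags source addresses with a burst of failed remote logons and notes when a successful logon follows. The CSV layout, sample events, thresholds and function names are assumptions made for illustration; the event IDs and logon types are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events (not data from the advisory):
# timestamp, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2024-01-15T02:10:01,4625,3,203.0.113.7,administrator
2024-01-15T02:10:04,4625,3,203.0.113.7,admin
2024-01-15T02:10:09,4625,3,203.0.113.7,backup
2024-01-15T02:10:15,4625,3,203.0.113.7,svc_backup
2024-01-15T02:10:21,4625,3,203.0.113.7,svc_backup
2024-01-15T02:10:40,4624,10,203.0.113.7,svc_backup
2024-01-15T08:59:10,4625,10,198.51.100.20,jsmith
2024-01-15T08:59:30,4625,10,198.51.100.20,jsmith
2024-01-15T08:59:55,4624,10,198.51.100.20,jsmith
"""

# Type 10 is RemoteInteractive (RDP). With Network Level Authentication the
# failed attempts are usually recorded as type 3 (Network), which also covers
# other network logons, so treat type 3 hits as leads to confirm.
REMOTE_LOGON_TYPES = {"3", "10"}

def parse_events(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), logon_type, ip, account

def find_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Map source IP -> alert for IPs with >= threshold failed remote logons
    inside `window`; record the account if a success follows from that IP."""
    failures = defaultdict(deque)   # per-IP timestamps of recent failures
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(parse_events(text)):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()            # drop failures older than the window
        if event_id == 4625:
            recent.append(ts)
            if len(recent) >= threshold:
                alerts.setdefault(ip, {"failures": 0, "logged_in_as": None})
                alerts[ip]["failures"] = max(alerts[ip]["failures"], len(recent))
        elif event_id == 4624 and ip in alerts and recent:
            alerts[ip]["logged_in_as"] = account   # success after a burst: escalate
    return alerts

if __name__ == "__main__":
    for ip, alert in find_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

An alert whose `logged_in_as` field is set is the case to escalate first, since it means the burst of failures from that address ended in a working credential.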