Goofed Ransomware

There are many harmful infections users can encounter these days. One of the newest threats cyber criminals have developed is Goofed Ransomware. It seems that it is still in development because it places a ransom note in a folder called test, which many users do not have, after encrypting files on a compromised machine. Of course, it might still cause problems to you because it mercilessly encrypts files stored on affected computers. In this sense, it does not differ at all from other HiddenTear-based ransomware infections. If you do not have the test folder in %USERPROFILE%\Desktop, you will not see a ransom note demanding money because it is dropped to this only folder, but this does not change anything because we still recommend deleting Goofed Ransomware from the system as soon as possible no matter the ransom note is visible or not. It should not be extremely hard to erase this infection from the system because it is not one of those sophisticated threats that make a bunch of modifications on those computers they infiltrate, but, of course, you should still read this report from beginning to end before the removal procedure.

Goofed Ransomware is considered a harmful infection even though it still seems to be in development because it locks users’ files without mercy. Specifically speaking, you will find it impossible to access .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, and .psd files after the entrance of Goofed Ransomware. You do not need to go to check all your files to find out which of them have been encrypted because those locked ones get the .goofed extension appended. If you have the folder called test located in %USERPROFILE%\Desktop, you will also find YOU_DONE_GOOFED.txt dropped there when Goofed Ransomware finishes encrypting your files. This file is the so-called ransom note that demands money from users in exchange for the tool that can decrypt files. The ransomware version analyzed by our specialists demanded 100 USD. This file also contained the Bitcoin address, which clearly shows that cyber criminals behind this ransomware infection expect to get money in the Bitcoin cryptocurrency. Never send money to crooks no matter that your documents or other important files have been encrypted and you can no longer open them because you do not know whether it will be possible to decrypt these files after paying a ransom. Of course, you might not have a chance to unlock your data if you do not purchase the decryptor, but you will, at least, not give your money to malicious software developers for nothing.

Since we already know what to expect from Goofed Ransomware, let’s talk about its distribution. It has not been detected on many computers yet, but specialists suspect that it is spread just like a number of other ransomware infections. Speaking specifically, it should be spread masqueraded as an ordinary file, e.g. a PDF document in spam emails. When users open the malicious attachment, the crypto-threat starts working on their computers right away, i.e. it goes to encrypt their files the first thing following the successful infiltration. We do not say that it is the only distribution method that might be used to spread this ransomware infection. Theoretically, its malicious file might also be disguised as a beneficial application to trick users into downloading and launching it too, so do not download all programs that look like decent software from P2P and other dubious websites. What you should also do if you want to be safe is to enable security software on your computer. You must use only a reputable antimalware tool to ensure your system’s maximum protection.

You cannot fix your data, but you can protect new files you will create someday by deleting Goofed Ransomware fully from your system today. It is not sophisticated malware, so its removal will not be complicated at all. The first thing you need to do is to remove suspicious files downloaded recently to erase the malicious file launched too (if you do not delete it, you might launch the ransomware infection accidentally again). Also, you need to delete YOU_DONE_GOOFED.txt from the test folder located in %USERPROFILE%\Desktop as well (the chances are high that you will not have this folder).

How to remove Goofed Ransomware

1. Open Explorer (tap Win+E).
2. Delete suspicious recently downloaded files (they might be located on Desktop or in the Downloads folder).
3. Delete YOU_DONE_GOOFED.txt if you can find it in the test folder located in %USERPROFILE%\Desktop.
4. Empty Trash.