- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Gorgon Ransomware might be widely distributed, since the message it shows is written in three different languages. However, we cannot say how many computers could be infected by this threat. For those who come across it, our specialists advise reading our full report. Further in the text, we explain how the malicious application works, how it might be distributed, what to do to stay away from similar malware, and how to get rid of it. Moreover, at the end of the article, you can find the deletion instructions we prepared, which show how to eliminate Gorgon Ransomware manually. Of course, if they appear to be too difficult, we recommend using a reliable antimalware tool of your choice instead. Should you have any questions after reading the report, feel free to leave us a comment below.
Let us start with how Gorgon Ransomware might be distributed. According to our specialists, there are many ways such a threat could be spread, but it is more likely to travel with spam emails or malicious setup files. These two methods are the most popular for distributing any malware, including ransomware applications. To protect the computer from them, you should be extra careful when receiving email attachments or downloading files from the Internet. Whenever in doubt, we advise scanning the file you suspect to be dangerous with a trustworthy antimalware tool. Besides, it is advisable to download files only from sources that can be trusted, which means file-sharing sites should be avoided.
The malware should start running the moment the victim opens its launcher. Thus, the encryption process might begin right after Gorgon Ransomware identifies the targeted files. Our specialists say the malicious application does not affect data belonging to the operating system or other programs installed on the computer. Such files are left unencrypted not only because they have less value to the user than their photos, videos, or other data that could be irreplaceable, but also because leaving the computer bootable makes it easier for the victim to view the ransom note. After all, the primary goal of creating such a threat is money extortion. In this case, the hackers demand that their victims pay 0,3 BTC. At the moment of writing it is around one thousand US dollars.
The note with ransom demands should be displayed right after Gorgon Ransomware finishes encrypting the user’s private data. It appears in the threat’s window as well as in HTML files placed in the %USERPROFILE%\Desktop and %HOMEDRIVE% directories. The text is given in Chinese, English, and Korean, which suggests the malicious application’s creators hope to infect lots of devices. What’s more, the note may claim the user can send up to three files to get them decrypted for free, as a guarantee that the hackers have the decryptor they promise to send to those who pay the ransom. Keep in mind that while this may guarantee they have the needed means, it does not ensure they will share them with you. The malware’s developers may not bother sending them. Also, they may start asking for more money, which is why we do not think it would be a good idea to put up with the demands.
Lastly, Gorgon Ransomware’s victims should know the malware can spy on them, as our specialists noticed it trying to collect information from the browser. They seek to gather passwords, browsing history, and similar information. If the malicious application’s developers succeed, they could obtain various sensitive data, and so we advise removing it as fast as possible. Users who choose to eliminate it manually should complete the steps provided below. Naturally, if the process looks too complicated, you could install a reliable antimalware tool instead. Do a full system scan, and then erase all identified threats at once by pressing the given removal button.
Eliminate Gorgon Ransomware