Gomme ransomware virus encrypts files, wants $25 as a ransom
Gomme ransomware is a malicious virus that has been spotted by security researchers at the end of May 2017. It is a file encrypting program that demands $25 in exchange for data decryption key. After hijacking the target system, the ransomware starts data encryption procedure, during which it corrupts victim’s files and adds .gommemode extension to each of them. The ransomware connects to hxxp://fatulatti.pro/gommeransom/btc.txt to get the Bitcoin address, which is 3FryHKYhynqDYHr24kFaoBWGW9ghzsTwMP. A ransomware author is a person who goes by the name of Fatulatti, and he claims that the ransomware “would never reach the public because it was for fun.[1]” Sadly, it doesn’t deny the fact that the ransomware is dangerous and can wreak havoc on targeted computers. If you were attacked by this or a modified version of the ransomware, do not pay the ransom because files can be decrypted. Before you try to recover your files, remove the ransomware using FortectIntego.

Malware researchers noticed a new trend of creating low-level ransomware[2], and although some think that such viruses are not dangerous, we tend to think that they can be even more dangerous than ransomware developed by professionals. It is so because inexperienced programmers can easily make mistakes and cause irreversible damage to target computer system. For this reason, you must protect your PC with a powerful anti-malware software and regularly create data backups. Data backups can save your files in case the real ones get encrypted/deleted. However, if the ransomware has already corrupted your files, try suggested data recovery methods (provided below the article).

Ransomware distribution methods
Ransomware viruses, at least the majority of them, are distributed via malicious spam. If you do not want to be infected, you should try to stay away from suspicious documents sent to you via email. If somebody you do not know attempts to send you .zip, .js, .docm or similar files, do not open them unless you are 100% that a sender is a trustworthy person. Cyber criminals sometimes try to trick victims into opening provided email attachments or URLs by using many logos and names of well-known companies (Amazon, PayPal, FedEx, etc.). However, you should know that there can be no additional dots or hyphens in companies official email, so if you received a letter from someone who uses johhny-official@amazon-support-email.com or similar email address, chances are high that someone is trying to scam you. Do not interact with the content of such letters in any way and delete them from your inbox ASAP.
The right way to delete Gomme ransomware
If your files were corrupted, you must remove Gomme virus before taking any further actions. We highly recommend deleting the virus with a help of anti-malware software like FortectIntego. You can also find more options in the Software page. Before you start the removal, you need to be sure that the ransomware won’t try to interrupt you or stop your anti-malware tool. For this reason, you should firstly reboot the compromised PC into Safe Mode with Networking as explained below.
Was this guide helpful?
Be the first to comment