Gorgon Ransomware

What is Gorgon Ransomware?

Gorgon Ransomware is a malicious ransomware infection that targets several regions worldwide. It is very likely that the affected files can be decrypted with a publicly available decryption tool. Therefore, there is no need to panic if this program enters your computer. You can scroll to the bottom of this description for the manual removal instructions, but do not forget to scan your system with a licensed antispyware tool because you have to locate every single suspicious file currently present on your computer and remove it as soon as possible.

Where does Gorgon Ransomware come from?

According to our research team, Gorgon Ransomware happens to be a clone of FilesLocker ransomware. FilesLocker Ransomware has a public decryption tool, and it should be possible to apply it to Gorgon Ransomware, too.

Likewise, the program employs similar distribution patterns, and while it is not possible to pinpoint one exact distribution source, it is always a good idea to know more about ransomware distribution patterns. Gorgon Ransomware most likely arrives in spam email or through a poorly configured RDP connection.

This also means that users interact with the installer file first-hand, and they can choose to delete it before Gorgon Ransomware is installed on their computers. So why don’t they do it? That is mostly because the messages that deliver the installer file often look urgent, and users are tricked into believing that they must check the information within the file at once.

Please remember that you can always scan any downloaded file before opening it with a reliable antispyware tool. This way, you would be able to avoid getting infected with the likes of Gorgon Ransomware. On the other hand, if you are not careful about the files you download and open, it is only a matter of time before dangerous programs attack your system.

What does Gorgon Ransomware do?

Seeing how this program displays its ransom note in Korean, English, and Chinese, we can assume that the program targets a wide range of computer users. Also, it is very likely that it tries to infect corporate systems in the regions that use the aforementioned languages. After all, the main targets of ransomware infections are not individual users, but various companies. Ransomware programs often target smaller and medium-sized companies because they are more likely to pay the ransom fee. The general assumption is that smaller companies are less likely to invest in cyber security and, as a result, they may not back up their files. Thus, they will be willing to pay the ransom fee in order to retrieve their important data.

Needless to say, paying the ransom is the last thing you should do because that only encourages cyber criminals to carry on their malicious deeds. Besides, there is no guarantee that the decryption key would be issued.

From what we have found, Gorgon Ransomware starts the encryption the moment the infected user launches the malicious executable file. Once the encryption is complete, it appends the .[buy-decryptor@pm.me] extension to the damaged files, but does not change the original filename. Also, when the decryption is complete, it plays the audio that says “your documents, images, databases and other important files have been encrypted.” Gorgon Ransomware also changes the desktop background and launches the default browser. The program automatically opens three ransom notes in the three languages when the encryption is complete.

Luckily, the program does not create any point of execution, although it tries to harvest and steal your browser’s information (like your browsing history, passwords, and so on). You should not tolerate this infection any longer. The sooner you get rid of Gorgon Ransomware, the better.

How do I remove Gorgon Ransomware?

As mentioned, you should be able to use the public decryption tool intended for FilesLocker to decrypt the files corrupted by Gorgon Ransomware. Please note that you may need the ransom notes for that, so do not remove them when you delete Gorgon Ransomware.

On the other hand, if the public decryption tool doesn’t work and you have all of your files backed up on an external hard drive, you can delete the corrupted files and then transfer the healthy ones back into your computer. Of course, do not forget to remove Gorgon Ransomware and everything related to it from your system before you do that.
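Before deleting anything, it helps to know which encrypted files actually have a backup copy. The following is an added example, not part of the original article: it walks a folder for files ending in the .[buy-decryptor@pm.me] extension, recovers each original name, and checks a backup folder for it. The function names, folder layout and sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Extension the article says Gorgon appends; the original filename stays in front of it.
GORGON_SUFFIX = ".[buy-decryptor@pm.me]"


def inventory(infected_root, backup_root):
    """Return (restorable, missing): original relative paths with / without a backup copy."""
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            if not name.endswith(GORGON_SUFFIX) or name == GORGON_SUFFIX:
                continue  # not an encrypted file (or nothing left once the suffix is removed)
            original = name[: -len(GORGON_SUFFIX)]
            rel = os.path.relpath(os.path.join(dirpath, original), infected_root)
            if os.path.isfile(os.path.join(backup_root, rel)):
                restorable.append(rel)
            else:
                missing.append(rel)  # keep the encrypted copy for the decryption tool
    return sorted(restorable), sorted(missing)


def build_demo_tree(base):
    """Constructed sample data: an 'infected' folder and a partial backup (hypothetical layout)."""
    infected = os.path.join(base, "infected")
    backup = os.path.join(base, "backup")
    layout = {
        infected: ["docs/report.docx" + GORGON_SUFFIX, "docs/budget.xlsx" + GORGON_SUFFIX, "notes.txt"],
        backup: ["docs/report.docx"],  # only one file was backed up
    }
    for root, names in layout.items():
        for n in names:
            path = os.path.join(root, *n.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample")
    return infected, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, lost = inventory(*build_demo_tree(tmp))
        print("restore from backup:", ok)
        print("no backup, try the decryption tool:", lost)
```

The script only reads the directory tree and deletes nothing, so files listed as having no backup stay in place for a decryption attempt.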

Manual Gorgon Ransomware Removal

  1. Press Ctrl+Shift+Esc and Task Manager will open.
  2. Open the Processes tab.
  3. Highlight Gorgon process and click End Process.
  4. Open the Downloads folder.
  5. Remove the most recently downloaded files.
  6. Scan your system with SpyHunter.
