Gollum Ransomware

Those who are familiar with the character named Gollum from the Lord of the Rings books and movies know he is not a nice character and unfortunately, Gollum Ransomware is not a helpful application either. It is a malicious file-encrypting program that can ruin user’s files in a couple of moments. The bad news is the only way to get them back is to obtain a unique decryption key, and it is available only to the malware’s developers who will no doubt offer it in exchange for a ransom. What’s even worse, making the payment does not guarantee the hackers will deliver what they may promise as there are situations when users get scammed. Naturally, if you do not want this to happen to you, we would advise you not to risk your savings. Instead, our researchers recommend erasing Gollum Ransomware and replacing the encrypted files with copies you could have on cloud storage, removable media devices, etc. To learn more about this malicious program, you should read the rest of the article, and if you want to know how to delete it manually, you should check the instructions provided at the end of this text.

The malware might be spread with infected installers, email attachments, and so on. Usually, it is the user himself who accidentally opens the launcher and infects the computer. However, our researchers say threats like Gollum Ransomware are also often spread through unsecured RDP connections or other system vulnerabilities. Therefore, to protect the system against similar malicious programs users should not only stop opening suspicious data, but also remove all possible weaknesses. For instance, it could be done by updating all the outdated software installed on the computer or changing all weak and old passwords that might be at risk of being hacked. Besides, it would be smart to acquire a reliable antimalware tool because it might be able to guard the system from threats you could encounter without realizing it.

The fastest way to recognize Gollum Ransomware is to take a look at the encrypted files as they should have the .gollum extension at the end of their titles, for example, cats.jpg.gollum, short_story.pdf.gollum, and so on. According to our researchers, the malicious program targets only private data, which means all program files should be left unencrypted. Such threats often focus on private records so the computer would be bootable and they could display ransom notes. Plus, program files can be replaced while photos, pictures, or other precious data the victim might have on the computer could be irreplaceable. In which case, the computer’s owner might be willing to pay a ransom. In this case, the malware’s developers should ask for 300 pounds. To pay the ransom users are supposed to exchange the mentioned sum into Bitcoins and transfer it to a specific Bitcoin wallet mentioned in the ransom note; it should be named ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt.

No matter, what the ransom note may promise, we advise users not to trust it as there is not knowing what the hackers behind Gollum Ransomware might do. Since they can take the money without providing the means to decrypt one’s data, it is entirely possible users could get tricked. As we said earlier, those who have backup copies could restore the encrypted data with no trouble, although for safety reasons we would highly recommend removing Gollum Ransomware first. Another reason to erase the threat is it might have a function for stealing user’s cryptocurrencies or even sensitive information, which means the malicious program could endanger your privacy and your savings as well.

If you decide you do not want to waste your money for decryption means you may never get, you should delete the malware at once. To eliminate it manually users should use the instructions located at the end of the article. Of course, if they appear to be too complicated, the user could acquire a reliable antimalware tool and use its automatic features to get rid of Gollum Ransomware instead.

Remove Gollum Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Press Win+E.
7. Check the following paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. Locate the malware’s installer (file opened before receiving the threat, for example, Launcher.exe).
9. Right-click the suspected file and pick Delete.
10. Navigate to %TEMP%
11. Search for a malicious executable file, for example, Network.exe; right-click it and press Delete.
12. Go to your Desktop and remove the text document called ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt.
13. Close File Explorer.
14. Check all flash drives and other storage attached to the infected computer and erase all suspicious executable files from them.
15. Empty Recycle Bin.
16. Restart the system.