Gollum Ransomware

What is Gollum Ransomware?

Gollum Ransomware, also known as Bitshifter Ransomware, is a malicious application that locks files on victims’ computers. It is a typical ransomware infection that has been designed to encrypt data. There is only one thing that distinguishes it from other ransomware-type infections – it has been observed that it might also try to steal cryptocurrency wallets and some other personal information. In other words, it makes files unusable and, on top of that, it works as an info-stealer. If you have opened this report because you have encountered this malicious application, make sure you erase it from your system because it might be launched again incidentally and lock all your new files. It will not need your permission to do this. Ransomware infections are one of the nastiest malicious applications that are available on the market, but, luckily, Gollum Ransomware does not seem to be anywhere near sophisticated malicious software, i.e. it does not block system utilities, does not drop a bunch of different components, and it does not make any changes in the Run registry key, so you should be able to delete it from the system manually quite easily. Unfortunately, none of your files will be decrypted.

What does Gollum Ransomware do?

No matter how Gollum Ransomware is called – it acts the same in all the cases. Once installed on the user’s computer, it locks files right away with a strong cipher leaving no chance for users to unlock them without the special decryptor. All encrypted files get the .gollum filename extension, so you will definitely notice which of your files have been encrypted by this threat. You should also be able to find ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt dropped on your computer. This file is a ransom note the ransomware infection leaves for users to inform them that they could unlock their files only if they agree to pay a ransom of £300 to cyber criminals. Users are given a limited time to make a payment, so if you decide to purchase the decryptor, do not wait too long. If you ask us, we do not think that sending money to cyber criminals is what users should do. Even though the author of Gollum Ransomware promises to unlock files automatically once the money is received, nobody knows whether your files will be unlocked. It would not be the first time the victim pays for nothing.

You will not find a free decryptor to unlock your files with on the web, but it is not a problem at all if you have backed up your files regularly because you could now restore those encrypted files without difficulty. To prevent unlocked files from being encrypted by Gollum Ransomware again, you should first delete this infection from your computer before you restore your files from a backup.

Where does Gollum Ransomware come from?

Our specialists do not have enough information to make final conclusions about the distribution of Gollum Ransomware; however, they are 99% sure that it will be primarily distributed via malicious email attachments as well. It is one of the most popular ransomware distribution methods. Of course, it does not mean that cyber criminals cannot spread this threat in a different way too, for example, upload it to a file-sharing website for users to download it on their PCs themselves. It is not always easy to prevent infections from entering the system because it is simply not a piece of cake to notice that malware tries to slither onto the computer. Therefore, we say that it is a must to acquire a reliable antimalware scanner and keep it installed on the system. Be cautious – there are hundreds of fake scanners that will only install malware without your knowledge.

How to remove Gollum Ransomware

Unfortunately, you will not decrypt your files by deleting the ransomware infection from your computer; however, we still want to encourage you to remove it as soon as possible so that it could not lock more personal files. It is not a problem if you have not deleted any malicious application before – follow our instructions. Malicious software can also be erased automatically, but you will need to acquire a special automated malware remover first.

Gollum Ransomware removal guide

1. Press Win+E.
2. Go to %TEMP%.
3. Delete Network.exe.
4. Remove ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt dropped on your computer.
5. Delete all suspicious files you have downloaded recently on your computer.
6. Check your USB flash drive if it is connected to your PC.
7. Delete Launcher.exe if you can locate it.
8. Empty Trash.
9. Scan your system with an antimalware scanner to leave no traces of malware. Download Removal Tool100% FREE spyware scan and
   tested removal of Gollum Ransomware*