Bitdefender Decryption Utility for GoGoogle Ransomware: Download and Tutorial

The Bitdefender Free Decryption Utility for GoGoogle Ransomware is a free, standalone security tool developed by Bitdefender Labs to help victims restore files compromised by the GoGoogle malware family. First released in May 2020, the tool provides a safe way to recover data without paying a ransom to cybercriminals.

Threat Overview

Malware Characteristics: GoGoogle (also known as BossiTossi) emerged in April 2020 and is written in Golang (Go), a programming language increasingly favored by ransomware operators.

Target Files: It targets data on compromised systems, renaming files and appending the .google extension to them.

Dual Encryption Method: The ransomware utilizes two completely distinct cryptographic behaviors depending on the original size of the data:

Files larger than 1MB: Encrypted using a simpler XOR-based methodology.

Files smaller than 1MB: Encrypted using robust RSA-1024 public-key cryptography.

Tool Functionality & Constraints

Decryption Scope: The Bitdefender utility specifically addresses and successfully unlocks data encrypted with the XOR method (files over 1MB).

File Corruption Risk: Certain iterations of GoGoogle are documented to corrupt and permanently alter specific file types under 2MB, making pristine recovery of those items difficult regardless of the utility used.

Deployment Options: The software functions locally without requiring an active internet connection. It features a graphical user interface (GUI) for casual users, alongside a command-line interface that allows network administrators to run automated, silent operations across corporate environments.

Execution Instructions

If your system is affected, the recovery process involves the following operational steps:

Acquire the Executable: Download the utility directly from verified cybersecurity portals like the No More Ransom Project or official Bitdefender servers.

Launch with Privileges: Execute the file BDGoGoogleDecryptor.exe on the affected operating system and approve the standard User Account Control (UAC) prompt to grant it administrative permissions.

Configure File Backup: Before starting decryption, always ensure the “Backup files” option is enabled in the tool’s interface so that the encrypted data is preserved if an unexpected system failure or structural conflict occurs.

Identify the Pairs (Optional): To assist the scanning process, it is recommended to provide a test folder with clean and encrypted versions of the exact same file to help the tool map out encryption parameters accurately.

Scan and Recover: Choose whether to target specific system paths or run a comprehensive storage drive sweep, then click Scan to finalize file restoration.

GoGoogle Decryption Tool – Bitdefender
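An added example, not part of the original article or of Bitdefender's tooling: a Python triage helper that inventories .google files before the utility is run, sorts them by the 1MB split described above, and looks up clean copies in a backup tree for the optional test folder. It assumes 1MB means 1 MiB, that the encrypted size approximates the original size, and that the original name is the encrypted name minus .google; all function names and demo file names are hypothetical.

```python
import os
import tempfile

MB = 1024 * 1024   # assumption: the page's "1MB" is read as 1 MiB
EXT = ".google"    # extension the page says GoGoogle appends

def classify(size):
    """Map a file size to the branch the page describes (size as a proxy)."""
    if size > MB:
        return "xor"      # in scope for the Bitdefender utility
    if size < MB:
        return "rsa"      # RSA-1024 branch, outside the tool's stated scope
    return "unknown"      # exactly 1MB: the page does not say which branch

def triage(infected_root, backup_root=None):
    """Return one record per *.google file under infected_root."""
    records = []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            if not name.lower().endswith(EXT):
                continue
            enc = os.path.join(dirpath, name)
            clean = None
            if backup_root:  # assumption: clean name = encrypted name minus EXT
                rel = os.path.relpath(enc[:-len(EXT)], infected_root)
                cand = os.path.join(backup_root, rel)
                clean = cand if os.path.isfile(cand) else None
            records.append({"path": enc, "clean": clean,
                            "branch": classify(os.path.getsize(enc))})
    return records

def summarize(records):
    """Count files per branch and list clean/encrypted pairs for the test folder."""
    counts = {"xor": 0, "rsa": 0, "unknown": 0}
    for r in records:
        counts[r["branch"]] += 1
    return counts, [(r["clean"], r["path"]) for r in records if r["clean"]]

def demo():
    """Triage a constructed tree of zero-filled placeholder files."""
    with tempfile.TemporaryDirectory() as tmp:
        inf, bak = os.path.join(tmp, "infected"), os.path.join(tmp, "backup")
        for root, name, size in [(inf, "db.bak.google", 2 * MB),
                                 (inf, "note.txt.google", 4096),
                                 (bak, "db.bak", 2 * MB)]:
            os.makedirs(root, exist_ok=True)
            with open(os.path.join(root, name), "wb") as f:
                f.truncate(size)
        return summarize(triage(inf, bak))
```

Call triage() with the affected path and, where one exists, a backup path; the pairs returned by summarize() are candidates for the test folder in the optional pairing step.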
