Gollum Ransomware Removal Guide

Do you know what Gollum Ransomware is?

Gollum Ransomware is a malicious threat that appends the .gollum extension to every file it encrypts. Our computer security specialists report that the malware targets the user’s photos, pictures, archives, videos, various documents, and other personal data. After encrypting the data, the malicious program is supposed to show a ransom note in which the infection’s creators demand that victims pay 300 pounds if they wish to restore the encrypted files. However, we do not think paying would be wise, as there are no reassurances the cybercriminals have the means to decrypt your data. Not to mention, they may not bother to deliver them. Thus, those who do not want to risk losing their money for nothing should ignore the ransom note and get rid of Gollum Ransomware at once. Completing this task might be easier if you follow the removal guide available below or use a reputable antimalware tool of your choice. For users who would like to find out more details about this infection, we recommend reading the article first.

So far there is no information on how Gollum Ransomware is distributed. Nevertheless, our computer security specialists suspect the malware’s installer could be spread via infected email attachments or suspicious installers downloaded from untrustworthy file-sharing web pages. Therefore, to avoid encountering such malicious applications, we recommend staying away from suspicious emails and other data downloaded from the Internet. We would also suggest installing a reputable antimalware tool. Provided you keep it active and up to date, it could recognize various threats and stop them before they have the chance to enter the system.

Either way, if Gollum Ransomware infects the device, it should immediately begin locking all of the user’s photos, videos, and other personal files it finds on the computer. The exception is data belonging to the operating system or to other programs the victim might have. What is unusual for such an infection is that, while encrypting the user’s files, it might also attempt to steal the user’s cryptocurrency wallets or private information. Our specialists could not test whether this feature works, but it is entirely possible that it does, and in that case it would be advisable to erase the malware before it manages to steal something valuable.

Furthermore, after the encryption process the malicious application should show a ransom note asking the user to pay 300 pounds to restore the files to the way they were before they received the second extension (e.g., daisy.jpg.gollum). As explained before, we do not recommend giving in to any demands, as you could get scammed. What we advise is deleting Gollum Ransomware either by following the removal guide placed below or by using a reputable antimalware tool. Lastly, it is important to mention that all encrypted files can be replaced with backup copies, so users who have backups can use them to restore their data as soon as the computer is clean and secure again.

Eliminate Gollum Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
  8. See if you can locate an executable file launched before the computer got infected, e.g., Launcher.exe.
  9. Right-click the malicious file and press Delete.
  10. Then go to %TEMP%
  11. Look for an executable file that could be named Network.exe.
  12. Right-click it and select Delete.
  13. Delete the infection’s created text document called ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt.
  14. Close File Explorer.
  15. If any storage devices were attached to the computer, check them for suspicious files that could have been created by the malware and erase them too.
  16. Empty the Recycle Bin.
  17. Reboot the system.
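
Before deleting anything by hand, it helps to inventory what the steps above ask you to look for. The following PowerShell function is an added example, not part of the original guide; it is read-only and removes nothing. The function name `Find-GollumIndicators` and the default search root (the current user's profile) are assumptions, while the file names and the .gollum extension come from the guide.

```powershell
# Read-only triage for the indicators named in the removal guide.
# Find-GollumIndicators is a hypothetical name; nothing here deletes files.
function Find-GollumIndicators {
    [CmdletBinding()]
    param(
        # Folders to search; the user profile default is an assumption.
        [string[]]$Roots = @($env:USERPROFILE)
    )

    $noteName = 'ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt'

    # Steps 10-11: an executable named Network.exe in %TEMP%.
    $tempExe = Join-Path $env:TEMP 'Network.exe'
    if (Test-Path -LiteralPath $tempExe -PathType Leaf) {
        $f = Get-Item -LiteralPath $tempExe -Force
        [pscustomobject]@{
            Indicator = 'Network.exe in %TEMP%'
            Path      = $f.FullName
            Modified  = $f.LastWriteTime
            # Hash is recorded so the sample can be identified later.
            SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }

    # Step 13 and the .gollum extension: ransom notes and encrypted files.
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -eq $noteName -or $_.Extension -eq '.gollum' } |
            ForEach-Object {
                $kind = if ($_.Extension -eq '.gollum') { 'Encrypted file' } else { 'Ransom note' }
                [pscustomobject]@{
                    Indicator = $kind
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    SHA256    = $null
                }
            }
    }
}

$hits = @(Find-GollumIndicators)
$hits | Format-Table Indicator, Modified, Path -AutoSize | Out-Host

# The earliest write time among encrypted files approximates when encryption began,
# which helps when looking for an executable launched shortly before (step 8).
$first = $hits | Where-Object { $_.Indicator -eq 'Encrypted file' } |
    Sort-Object Modified | Select-Object -First 1
if ($first) { Write-Host "Earliest encrypted file written: $($first.Modified)" }
```

Pass additional folders or drive roots with `-Roots` to cover the attached storage mentioned in step 15.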

In non-techie terms:

Gollum Ransomware, also known as Bitshifter Ransomware, is a malicious application that can ruin all of the victim’s private files. To be more precise, the threat encrypts the user’s data with a strong encryption algorithm, making it impossible to open the affected data without particular decryption tools. The idea behind this scheme is to make the user pay a ransom. In exchange, the hacker may promise to decrypt the files or send the necessary means for the user to unlock them. Unfortunately, there is no knowing whether these people have what they offer or whether they will bother to deliver. In other words, paying the ransom could be a waste of your money, and in the end, you might be unable to decrypt your files. This is why, instead of risking one’s savings, our computer security specialists advise erasing the malware. To eliminate it manually, users could follow the removal guide available slightly above this paragraph. The second option is to install a reputable antimalware tool and scan the computer with it.