December 22, 2016
If you are infected with this malware, simply download decrypt_gomasom.exe from the following link and save it on your desktop:
To find your decryption key, you need to drag an encrypted file and an unencrypted version of the same file onto the decrypt_gomasom.exe icon at the same time. That is, select both the encrypted and unencrypted versions of a file and drag them together onto the executable. If you do not have an original version of one of your encrypted files, in our tests you can use an encrypted PNG file and any other unencrypted PNG file that you get off of the Internet and drag them together onto the decrypt_gomasom.exe icon. Once you determine the key used to encrypt one of your files, you can then use that key to decrypt ALL other files on your computer.
To show what I mean about dragging both files at the same time, see the example below. To create the key, I created a folder that contains an encrypted PNG file, a totally different valid PNG file, and the decrypt_gomasom.exe program. I then dragged both the regular PNG file and the encrypted one onto the executable at the same time.
When the program starts, you will be presented with a UAC prompt as shown below. Please click on the Yes button to proceed.
The program will now brute force the key for the selected files. This could take some time, so please be patient. When a key has been brute forced, the program will display it in a new window like the one below.
Decryption Key Found
To start decrypting your files with this key, please click on the OK button. You will then be presented with a license agreement, where you must click on Yes to continue. You will now see the main DecryptGomasom screen.
DecryptGomasom Screen listing Encrypted Files
To decrypt the C:\ drive, click on the Decrypt button. If there are other drives or folders you wish to decrypt that are not listed, you can click on the Add Folder button to add other folders that contain encrypted files. Once you have added all the folders you wish to decrypt, click on the Decrypt button to begin the decryption process. Once you click Decrypt, DecryptGomasom will decrypt all the encrypted files and display the decryption status in a results screen like the one below.
All of your files should now be decrypted.
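The PNG tip in the key-finding step presumably works with an unrelated image because every valid PNG begins with the same 16 bytes, which gives the key search known plaintext; that link is an assumption, not something this article or the decryptor states. The Python below is an added example, not part of the original article or the tool: it checks that a clean reference file really is a PNG and measures how many leading bytes two unrelated PNGs share. All function names and sample images are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Every PNG starts with the signature, then an IHDR chunk whose length
# field is always 13: 8 + 4 + 4 = 16 bytes fixed by the format itself.
FIXED_HEADER = PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR"


def _chunk(kind: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32."""
    crc = zlib.crc32(kind + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", crc)


def make_png(width: int, height: int, grey: int) -> bytes:
    """Build a small valid 8-bit greyscale PNG (constructed sample data)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes([grey]) * width for _ in range(height))
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


def check_reference_png(data: bytes) -> tuple[int, int]:
    """Validate a clean reference file; return (width, height) from IHDR."""
    if len(data) < 33 or not data.startswith(FIXED_HEADER):
        raise ValueError("not a usable PNG: fixed 16-byte header missing")
    ihdr = data[16:29]
    (stored_crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF != stored_crc:
        raise ValueError("corrupt IHDR chunk")
    return struct.unpack(">II", ihdr[:8])


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes that are identical in both inputs."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    small, large = make_png(3, 2, 0x10), make_png(300, 5, 0xF0)
    print(check_reference_png(small), check_reference_png(large))
    print("shared leading bytes:", common_prefix_len(small, large))
```

Running `check_reference_png` on the clean file before dragging it onto the decryptor catches a mislabeled or truncated download, which would not begin with the same bytes as the encrypted PNG's original.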
Files added by Gomasom:
Registry entries added by Gomasom: