What is GrodexCrypt?
GrodexCrypt was first discovered by malware security researcher Jakub Kroustek and is essentially an updated version of a ransomware-type virus called MIRCOP. Once this virus has infiltrated your computer system, GrodexCrypt encrypts various files and prepends filenames with “Lock.” (for instance, “sample.jpg” is renamed to “Lock.sample.jpg”). After successfully encrypting the files, the virus opens a pop-up window containing a ransom-demand message.
The pop-up notifies victims that their files are encrypted and that they must pay to restore and unlock them. It is currently unknown whether GrodexCrypt uses symmetric or asymmetric cryptography; in either case, however, GrodexCrypt decryption requires a unique key that only the developers know. Usually, the criminals store this key on a remote server, and victims are encouraged or convinced to pay a ransom to receive it. The GrodexCrypt decryption fee is $50 in Bitcoins. Although this fee is relatively small compared to other ransomware, whose demands usually fluctuate between $500 and $1500, you should never pay it, because there is no guarantee that your files will be restored after payment has been made. Research shows that cyber criminals often ignore victims once payment has been made. Paying does not guarantee that your files will ever be decrypted or that you can recover them; there is a high probability that you will simply be scammed. So never trust cyber criminals. Luckily, there are tools capable of restoring files encrypted by GrodexCrypt, so there is no need to pay any ransom. If, however, your computer has been infected with undecryptable ransomware, you can restore your files/system from a backup.
Screenshot of a message encouraging users to pay a ransom to decrypt their infected or encrypted data:
There are a number of ransomware-type viruses virtually identical to GrodexCrypt, including Im Sorry, File Informer, and R3store; these are just a few examples among many. Like GrodexCrypt, these malware infections also encrypt files and make ransom demands, since that is what they are purposely made for: making money. The only major differences are the size of the ransom and the type of encryption algorithm used, whether symmetric or asymmetric. As mentioned above, this cryptography requires a decryption key to restore the files, and doing it manually is impossible.
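As an added triage example (not part of the original article), the following Python script inventories files carrying the “Lock.” prefix described above without renaming or deleting anything, so the affected files stay intact for a decryptor or a restore from backup. The directory it scans is constructed sample data created in a temporary folder.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicator from the write-up: GrodexCrypt prepends "Lock." to each filename,
# so "sample.jpg" becomes "Lock.sample.jpg".
LOCK_PREFIX = "Lock."

def original_name(filename):
    """Pre-encryption name if `filename` carries the prefix, else None.
    A bare "Lock." or an unrelated name such as "Locker.exe" does not match."""
    if filename.startswith(LOCK_PREFIX) and len(filename) > len(LOCK_PREFIX):
        return filename[len(LOCK_PREFIX):]
    return None

def find_locked_files(root):
    """Walk `root` and return sorted (path, original_name) pairs for matches.
    Read-only: nothing is renamed or deleted, so files stay intact for recovery."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            orig = original_name(name)
            if orig is not None:
                hits.append((os.path.join(dirpath, name), orig))
    return sorted(hits)

def summarize_by_extension(hits):
    """Count affected files by their original extension to scope the damage."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _path, orig in hits)

def build_sample_tree(base):
    """Constructed sample data (not from the page): renamed and untouched files."""
    base = Path(base)
    (base / "docs").mkdir(parents=True, exist_ok=True)
    for rel in ("Lock.sample.jpg", "docs/Lock.report.docx", "docs/Lock.notes.txt",
                "docs/readme.txt", "Locker.exe"):
        (base / rel).write_bytes(b"constructed sample content")
    return base

def run_demo():
    """Create the sample tree in a temporary directory and scan it."""
    return find_locked_files(build_sample_tree(tempfile.mkdtemp(prefix="grodex_")))

if __name__ == "__main__":
    found = run_demo()
    for path, orig in found:
        print(f"{path} -> originally {orig}")
    print(dict(summarize_by_extension(found)))
```

Point `find_locked_files` at a real drive root to produce the inventory for an actual machine; the count per extension tells you quickly which document types a backup restore must cover.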
How did ransomware infect the computer?
Ransomware-type viruses are often distributed through spam emails with malicious attachments or from unknown sources; third-party software download sources, especially freeware download websites, free file hosting websites, torrents, etc.; fake software updaters; and trojans. Note that the malicious attachments are often malware-downloading JavaScript files or MS Office documents with rogue macros. Moreover, unofficial software download sources often proliferate malicious executable files presented as legitimate software, and criminals also attempt to exploit bugs/flaws in outdated software to infect the system.
Protection against ransomware infections
It is better to take precautions than to be deceived and infected, so never open files received from suspicious emails or download software from unofficial or unknown sources. Furthermore, you should keep your installed applications up-to-date and use only a legitimate anti-virus/anti-spyware suite to prevent infection. Bear in mind, however, that criminals proliferate malware through fake updaters, so using third-party tools to update installed apps is very risky and you should be cautious about that as well. Poor knowledge and careless behavior are the main reasons for computer infections, so equip yourself with information that helps you understand the technical world. But the key to computer safety is simply caution.
Text presented within GrodexCrypt pop-up:
“Your computer files have been encrypted. Your photos, videos, documents, etc….
But, don’t worry! You can still save your files.
You have 48 hours to pay 50 USD in Bitcoins to get the decryption key.
After 48 all the files will be deleted and the decryption key will be destroyed.
If you do not have bitcoins Google the website buybitcoinworldwide or localbitcoins
Purchase 50 American Dollars worth of Bitcoins.
Send to the Bitcoins address specified.
Within minutes of receiving your payment your computer will receive the decryption application and return to normal.
Try anything funny and the decryption key will be destroyed along with your whole computer.
As soon as you have paid, please send email to [email protected] with your unique code: “7C8” as we receive the email we will send you the decryption application.
Thank you
How to pay us in bitcoins:
Useful site: buybitcoinworldwide.com
1. Visit the site above
(2. Login or create an account if necessary.)
3. Buy the amount of bitcoins (50USD in BTC) you need to pay and send them to the address given in this window.
(4. You can go to blockchain.info and search for your address to see whether the bitcoins are received.)
5. If the bitcoins are on the address, send email to [email protected] and we will send you the decryption application.
6. Your decryption application is now received, just run it and it will start decrypting your files.
7. Your files will be restored and the program will delete itself.
Q: Is it possible to decrypt my files without paying?
A: No
Q: What if I try to remove this software?
A: Your decryption application will be destroyed and
all of your files will be deleted
Q: What if I don't have bitcoins?
A: We have clear instructions how to buy bitcoins and
send them to us.”
How To Remove GrodexCrypt Ransomware Virus From Your PC
Step 1 – Boot your computer in Safe mode.
Reboot in Safe Mode for All Versions:
How to Boot Windows in Safe Mode to isolate Malware
For Windows XP, Vista and Windows 7
1. Remove all CDs and DVDs, then restart your PC using the Start Menu.
2. Press F8 repeatedly as the computer starts, until the boot options screen appears. If you missed it, restart and repeat this step.
3. When Advanced Boot Options appear on the screen, select the Safe Mode option using the arrow keys.
4. Once the selection is made, press Enter.
For Windows 8 and 8.1
1. Press the Start button, then select Control Panel.
2. Choose System and Security —> Administrative Tools —> System Configuration.
3. Select Safe Mode from the list and click OK.
Windows 10
1. Click the Start Menu.
2. Hold down the Shift key, click Power, and then click Restart.
3. Choose Troubleshoot >> Advanced Options >> Startup Settings.
4. Click Restart.
5. When the computer restarts, select Safe Mode to start Windows.
Step 2 – Remove the infected registry entry files.
- Press the Windows key and R together.
- Type “regedit” and click OK.
- Find and delete the following entries.
HKEY_LOCAL_MACHINE\SOFTWARE\supWPM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Default_Page_URL”
HKEY_LOCAL_Machine\Software\Classes\[GrodexCrypt Ransomware]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\[GrodexCrypt Ransomware]
Step 3 – Remove From msconfig
- Press the Windows key and R together.
- Type msconfig and press Enter.
- Go to the Startup tab and uncheck all entries from unknown manufacturers.
Step 4 – Restart your computer normally.
Check your computer now. If the virus is gone, you can start using your computer. If the infection remains, go on to the next step.
Step 5 – System Restore
- Insert the Windows installation disk into the CD drive and restart your PC.
- During system startup, keep pressing the F8 or F12 key to get the boot options.
- Select the boot-from-CD-drive option to start your computer.
- The System Recovery Options will then appear on your screen.
- Select the System Restore option from the list.
- Choose the nearest system restore point from before your PC was infected.
- Follow the options on your screen to restore your computer.
If the above manual methods did not remove the GrodexCrypt Ransomware virus, your only remaining option is to remove the infection using a malware removal tool. It is the last and only option that can easily and safely remove this nasty threat from your computer.
Use an anti-malware program
We recommend using SpyRemover Pro, a highly effective and widely used malware removal program, to clean your computer of GrodexCrypt Ransomware. In addition to GrodexCrypt Ransomware, this program can detect and remove the latest variants of other malware.
SpyRemover Pro has an intuitive user interface that is easy to use. To get rid of GrodexCrypt Ransomware, install it, scan your computer, and remove the threat.
To remove GrodexCrypt Ransomware from your computer using SpyRemover Pro, you need to perform the following steps:
Basic steps of SpyRemover Pro:
Step 1. Run SpyRemover Pro installer
Click on the .exe file that was just downloaded, shown in the lower right corner of your browser window.
Step 2. Click Yes
Click Yes to accept the User Account Control settings dialog.
Step 3. Follow setup instructions
Follow the instructions to get SpyRemover Pro set up on your computer and you will be good to go!