The GrodexCrypt ransomware was first discovered early in June 2017. GrodexCrypt is a ransomware Trojan based on Mircop, a ransomware Trojan that had been active for months before it. Both come from the same ransomware group, the Crypt888 ransomware family, which also includes the Aviso ransomware. Like most ransomware, GrodexCrypt encrypts your files and demands that you pay a ransom if you want them back. It scans your computer for files and prepends “Lock” to each file’s name, unlike most Trojans, which append their own extension to the end of the file name.
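Before touching anything on an infected machine, it helps to know how many files were renamed and where they live. The following PowerShell helper is an added example, not code from the original article or from any decryptor: it lists files whose names start with the “Lock” prefix described above, groups them by folder and writes a CSV for later recovery work. The scan root, the CSV path and the `Get-LockPrefixedFiles` name are assumptions; legitimate files that happen to start with “Lock” will also be listed, so the output is an inventory to review, not a delete list.

```powershell
# Added scoping helper (not from the original article). Finds files carrying the
# "Lock" filename prefix the article describes, summarises them per folder and
# exports the full list to CSV. $ScanRoot and the CSV location are assumptions.
function Get-LockPrefixedFiles {
    param(
        [string]$ScanRoot = $env:USERPROFILE,   # assumed: scan the current user's profile
        [string]$Prefix   = 'Lock'              # prefix named in the article
    )
    Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name.StartsWith($Prefix, [System.StringComparison]::Ordinal) } |
        ForEach-Object {
            [pscustomobject]@{
                Folder       = $_.DirectoryName
                LockedName   = $_.Name
                # Name the file presumably had before the prefix was added
                OriginalName = $_.Name.Substring($Prefix.Length)
                SizeBytes    = $_.Length
                LastWrite    = $_.LastWriteTime
            }
        }
}

# Wrap in @() so .Count works even when nothing is found
$affected = @(Get-LockPrefixedFiles)

# Per-folder summary, busiest folders first
$affected | Group-Object Folder | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Full inventory for the recovery phase (path is an assumption)
$csvPath = Join-Path $env:USERPROFILE 'grodexcrypt-affected.csv'
$affected | Export-Csv -LiteralPath $csvPath -NoTypeInformation

"{0} files carry the 'Lock' prefix; inventory written to {1}" -f $affected.Count, $csvPath
```

Run it from an elevated PowerShell prompt once the machine is in Safe Mode; the CSV gives you a checklist to compare against after a decryptor or a backup restore has been applied.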
After encrypting your files, the Grodexcrypt ransomware displays its ransom note, demanding that you pay or else your files will be lost. Here is the full text of the ransom note:
“Your computer files have been encrypted. Your photos, videos, documents, etc….
But, don’t worry! You can still save your files.
You have 48 hours to pay 50 USD in Bitcoins to get the decryption key.
After 48 all the files will be deleted and the decryption key will be destroyed.
If you do not have bitcoins Google the website buybitcoinworldwide or localbitcoins
Purchase 50 American Dollars worth of Bitcoins.
Send to the Bitcoins address specified.
Within minutes of receiving your payment your computer will receive the decryption application and return to normal.
Try anything funny and the decryption key will be destroyed along with your whole computer.
As soon as you have paid, please send email to [email protected] with your unique code: “7C8” as we receive the email we will send you the decryption application.
Thank you
How to pay us in bitcoins:
Useful site: buybitcoinworldwide.com
1. Visit the site above
(2. Login or create an account if necessary).
3. Buy the amount of bitcoins (50USD in BTC) you need to pay and send them to the address given in this window.
(4. You can go to blockchain.info and search for your address to see whether the bitcoins are received).
5. If the bitcoins are on the address, send email to [email protected] and we will send you the decryption application.
6. Your decryption application is now received, just run it and it will start decrypting your files.
7. Your files will be restored and the program will delete itself.
Q: Is it possible to decrypt my files without paying?
A: No
Q: What if I try to remove this software?
A: Your decryption application will be destroyed and
all of your files will be deleted
Q: What if I dont have bitcoins?
A: We have clear instructions how to buy bitcoins and send them to us”
Some users may give in to the cyber criminals’ demands after reading the ransom note because of the threats it conveys, and some might think paying is the easiest way out since it is only a measly $50. That is not the case. Even if you can afford it, paying is still not the best choice, since there are other ways to remove this ransomware and recover your files without spending a cent.
How is Grodexcrypt distributed? This ransomware may be spread through corrupted files such as .docx or .pdf documents that contain malicious macro scripts, which download and install the Grodexcrypt ransomware without your antivirus identifying it as a threat.
News has it that a decryptor exists for the Grodexcrypt ransomware, so there is really no need to pay the ransom to recover your encrypted files. It would also help to have a trusted antivirus and anti-malware program like SpyRemover Pro to fully clean your computer of this ransomware, the files it came with and its residues. Continue reading this article to find out how to get rid of the Grodexcrypt ransomware.
Removal Guide for Grodexcrypt Ransomware:
Step 1. Reboot your computer into Safe Mode.
Step 2. Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Go to the Processes tab and look for any suspicious processes that could be related to the Grodexcrypt ransomware.
Right-click on each such process, click Open File Location and scan the files with a powerful and trusted antivirus like SpyRemover Pro. With their folders open, end the processes and delete the folders. If the virus scanner fails to detect something you know is suspicious, don’t hesitate to delete it.
Step 3. Open the Control Panel’s Programs and Features list by pressing Start key + R to launch Run, typing appwiz.cpl in the box and clicking OK.
Locate any suspicious program and click Uninstall. Then click the Windows button, type msconfig in the search box and hit Enter to open System Configuration. Go to the Startup tab and untick items with an unknown manufacturer.
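Task Manager and msconfig show one entry at a time; on a machine you suspect, it is quicker to pull the same information into one table. The script below is an added example, not part of the original guide or of any product it names. It lists running processes whose executable sits in a user-writable folder (Temp, Downloads, Desktop, AppData) or lacks a valid Authenticode signature, and then lists the startup entries msconfig would show. The folder list and the `Test-SuspectPath` / `Get-SignatureStatus` helper names are assumptions; many legitimate programs are unsigned, so the table is a starting point for the review in Steps 2 and 3, not a verdict.

```powershell
# Added triage helper (not from the original guide). Requires Windows PowerShell 5.1+
# and works in Safe Mode. Nothing here kills processes or deletes files.

# Folders where user-launched malware commonly runs from (assumed list)
$suspectRoots = @(
    $env:TEMP,
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:APPDATA,
    $env:LOCALAPPDATA
) | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Test-SuspectPath {
    # True when the executable lives under one of the user-writable roots above
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = $Path.ToLowerInvariant()
    foreach ($root in $suspectRoots) {
        if ($p.StartsWith($root)) { return $true }
    }
    return $false
}

function Get-SignatureStatus {
    # Authenticode status as text: Valid, NotSigned, HashMismatch, UnknownError, ...
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    try   { (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString() }
    catch { 'error' }
}

# 1. Running processes. Win32_Process exposes the full executable path, which
#    is what "Open File Location" in Task Manager would take you to.
Write-Host "Processes running from user folders or without a valid signature:"
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    ForEach-Object {
        [pscustomobject]@{
            Id        = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            InUserDir = Test-SuspectPath $_.ExecutablePath
            Signature = Get-SignatureStatus $_.ExecutablePath
        }
    } |
    Where-Object { $_.InUserDir -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize

# 2. Startup entries from the Run keys and Startup folders (the msconfig view).
Write-Host "Startup entries:"
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize
```

Look first at rows where InUserDir is True and the Signature is not Valid; that combination is what Step 2 is asking you to hunt for by hand, and the Path column tells you which folder to scan.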
Step 4. Press the Start key + R and type the following:
Notepad %windir%/system32/Drivers/etc/hosts
The hosts file will open. A list of IP addresses added at the bottom of the file is a sign that it has been tampered with:
Open the Start menu by clicking the Windows button, search for Network Connections using the search box and hit Enter.
- Right-click on your network adapter, go to Properties, select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
- The DNS setting should be set to Obtain DNS server address automatically.
- Select Advanced and open the DNS tab; if anything is listed there, remove it and click OK.
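The two checks in Step 4 can be done read-only before you edit anything. This PowerShell snippet is an added example, not part of the original guide: it prints every active (non-comment) line of the hosts file, reads the interface keys under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces` to show adapters with a statically configured `NameServer` (a non-empty value means DNS is not being obtained automatically), and lists the DNS servers each adapter is actually using. The `Get-ActiveHostsEntries` name is an assumption.

```powershell
# Added inspection helper (not from the original guide). Read-only: it reports
# the hosts file and DNS configuration so Step 4 can be checked without editing.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

function Get-ActiveHostsEntries {
    # Returns one object per active hosts entry; a stock Windows hosts file has none
    param([string]$Path = $hostsPath)
    Get-Content -LiteralPath $Path |
        ForEach-Object { ($_ -split '#')[0].Trim() } |   # strip comments
        Where-Object { $_ } |                              # drop blank lines
        ForEach-Object {
            $parts = $_ -split '\s+'
            $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] -join ' ' } else { '' }
            [pscustomobject]@{ Address = $parts[0]; Hostnames = $names }
        }
}

Write-Host "Active hosts entries (expect none on a clean system):"
Get-ActiveHostsEntries | Format-Table -AutoSize

# Per-interface registry values: NameServer holds manually set DNS servers,
# DhcpNameServer holds what DHCP handed out. Static DNS means "Obtain DNS
# server address automatically" is NOT selected for that adapter.
Write-Host "Adapters with statically configured DNS servers:"
$ifaceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem -Path $ifaceKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    if ($props.NameServer) {
        [pscustomobject]@{
            InterfaceGuid = $_.PSChildName
            StaticDns     = $props.NameServer
            DhcpDns       = $props.DhcpNameServer
        }
    }
} | Format-Table -AutoSize

# Effective DNS servers per adapter, whatever their source
Write-Host "DNS servers currently in use:"
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, @{ n = 'DnsServers'; e = { $_.ServerAddresses -join ', ' } } |
    Format-Table -AutoSize
```

Any hosts entry you did not add yourself, or a static DNS server you do not recognise, is the tampering the step describes; note it down before removing it, since the address tells you what the malware was trying to redirect or intercept.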
Step 5. Delete everything under these directories:
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 6. Open the Registry Editor by pressing Start key + R and typing regedit in the dialog box. (Take note that modifying your Registry can affect your computer; be sure to back up any entries you wish to modify or delete.)
Step 7. In the Registry Editor, press Ctrl + F to search for Grodexcrypt ransomware and other related entries.
Step 8. Right-click on any entries related to the Grodexcrypt ransomware and delete them.
Step 9. Open your File Explorer by pressing Win + E.
Step 10. Look for any malicious executable files you saved, downloaded or ran prior to the attack and delete them.
Step 11. Go to your Recycle Bin and erase everything.
Step 12. Reboot your computer into Normal Mode.
Step 13. Scan your computer with SpyRemover Pro to check that the threat is gone and to remove the ransomware’s leftovers.