What's .GROD ransomware
The .Grod virus belongs to the ransomware (cryptovirus) category: it encrypts your files, appends the .Grod extension to their names, and demands a ransom in bitcoin in exchange for the decryption key.
The ransomware targets Windows users only, denying access to the files on your system. A ransom note demanding bitcoin worth $490 to $980 is dropped in each folder.
Recommended automatic removal software
A powerful malware detection and removal tool. A very thorough guide for SpyHunter is found here.
Both the free and premium versions can be used. A very thorough guide for Malwarebytes is found here.
A scanner that can be used without installation to scan and clean infected computers. A thorough guide is found here.
Sources of the ransomware
- Spam email that looks very convincing but carries infectious attachments (or links to malicious files). These deceptive emails are usually dressed up as “official”, “urgent”, “important” and so on.
- Exposed Remote Desktop Services (RDP) ports. Attackers scan for systems running RDP and then attempt to brute-force the passwords of those systems.
- Trojans, untrustworthy download sources and cracked software from suspicious sites.
- Fraudulent software or system updaters that exploit weaknesses in outdated software to install malware rather than updates.
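The RDP item above is the one vector a defender can watch for directly in logs. The following is an added detection sketch, not code from the original article: it flags any source address that produces a burst of failed RDP logons within a short window. It assumes failures are exported from the Windows Security log as event 4625 with logon type 10 (RemoteInteractive); the sample export format and the event lines are constructed for the example, and the threshold and window are assumptions to tune for your environment.

```python
"""Flag RDP password-guessing from failed-logon events (added example).

Assumptions (not from the article): failed logons arrive as Windows Security
event 4625, RDP sessions carry logon type 10, and events are exported as
'timestamp,event_id,logon_type,source_ip,target_user' lines.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

EVENT_FAILED_LOGON = 4625   # Windows Security: "An account failed to log on"
LOGON_TYPE_RDP = 10         # RemoteInteractive (Remote Desktop)
WINDOW = timedelta(minutes=10)
THRESHOLD = 5               # failures from one source inside WINDOW before alerting

# Constructed sample export (not real telemetry). One noisy source guessing
# several account names, one user mistyping a password twice, and a run of
# local (logon type 2) failures that must not be counted as RDP activity.
SAMPLE_EVENTS = """\
2024-01-10T02:00:01,4625,10,203.0.113.7,administrator
2024-01-10T02:00:04,4625,10,203.0.113.7,admin
2024-01-10T02:00:07,4625,10,203.0.113.7,backup
2024-01-10T02:00:09,4625,10,203.0.113.7,administrator
2024-01-10T02:00:12,4625,10,203.0.113.7,sqlservice
2024-01-10T02:00:15,4625,10,203.0.113.7,guest
2024-01-10T08:15:00,4625,10,198.51.100.4,jsmith
2024-01-10T08:15:20,4625,10,198.51.100.4,jsmith
2024-01-10T09:00:00,4625,2,192.0.2.9,localadmin
2024-01-10T09:00:01,4625,2,192.0.2.9,localadmin
2024-01-10T09:00:02,4625,2,192.0.2.9,localadmin
2024-01-10T09:00:03,4625,2,192.0.2.9,localadmin
2024-01-10T09:00:04,4625,2,192.0.2.9,localadmin
2024-01-10T09:00:05,4625,2,192.0.2.9,localadmin
"""


def parse_events(text):
    """Turn the constructed CSV-style export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, ip, user = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "ip": ip,
            "user": user,
        })
    return events


def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed RDP logons per source address.

    Returns one alert per source the first time its failure count inside
    `window` reaches `threshold`; the alert lists the account names tried,
    which is what distinguishes guessing from a single user's typos.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> distinct target accounts seen
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != EVENT_FAILED_LOGON or ev["logon_type"] != LOGON_TYPE_RDP:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        users[ev["ip"]].add(ev["user"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "first_seen": q[0].isoformat(),
                "count": len(q),
                "users": sorted(users[ev["ip"]]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(f"RDP brute-force suspected from {alert['ip']}: "
              f"{alert['count']} failures since {alert['first_seen']}, "
              f"accounts tried: {', '.join(alert['users'])}")
```

Run against the constructed sample, only 203.0.113.7 is reported: the two failures from 198.51.100.4 stay under the threshold and the local logon-type-2 failures are ignored entirely. The same logic applies to any exported 4625 feed once the parser is adapted to its real column layout.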
The ransom note (a text file) states that all of the victim’s data has been encrypted with the strongest encryption and a unique key. It then tells users that the only way to recover the encrypted files is to buy a decryption tool and key from the developers of Grod.
As proof that they can restore the data, the developers offer to decrypt one file free of charge, as long as it does not contain valuable information, i.e. not one of your important files such as Excel spreadsheets.
The ransom is $980, but if contact is made within 72 hours it can drop to $490. If the criminals do not respond within six hours, victims are told to check their “Spam/Junk” email folders for the reply.
Their contact email addresses are given at the end of the note. Meeting the ransom demands and/or communicating with the cyber criminals is expressly advised against, since they are not to be trusted and may not provide the promised tools even after payment.
Removing the malware DOES NOT guarantee that your data will be restored; it does, however, stop it from encrypting further files. The only reliable way to get the files back is to restore them from a backup made before the attack.
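Because the article's two concrete indicators are the appended .Grod extension and a note in every affected folder, and its only recovery path is restore from backup, a practitioner's first task after removal is an inventory of what was hit. The script below is an added example, not code from the original article or from any removal tool it names: it walks a directory tree, counts .Grod files per folder, recovers the original file names by stripping the extension (so they can be requested from backup), and records which folders carry a note. The ransom-note filename is not given on the page, so it is a placeholder parameter; the sample directory is constructed inside the script.

```python
"""Post-removal triage for .Grod-encrypted files (added example).

Assumptions (not from the article): encrypted files keep their original name
with '.Grod' appended, and the ransom-note filename must be supplied by the
analyst; the default below is a placeholder, not the real note name.
"""
import os
import shutil
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".Grod"
DEFAULT_NOTE_NAME = "RANSOM_NOTE_PLACEHOLDER.txt"   # assumption: replace with the real name


def scan_tree(root, note_name=DEFAULT_NOTE_NAME):
    """Inventory a tree. Paths in the result are relative to `root`.

    Returns {"per_folder": {folder: count}, "encrypted": [(path, original_name)],
             "notes": [folder, ...]} so the caller can scope the damage.
    """
    per_folder = Counter()
    encrypted = []
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT.lower()):
                per_folder[rel_dir] += 1
                original = name[: -len(ENCRYPTED_EXT)]   # strip the appended extension
                encrypted.append((os.path.join(rel_dir, name), original))
            elif name == note_name:
                notes.append(rel_dir)
    return {"per_folder": dict(per_folder), "encrypted": encrypted, "notes": sorted(notes)}


def restore_list(scan):
    """Original file names to pull from backup, sorted and de-duplicated."""
    return sorted({original for _path, original in scan["encrypted"]})


def build_sample_tree(note_name=DEFAULT_NOTE_NAME):
    """Create a throwaway directory imitating an affected share (constructed data)."""
    root = tempfile.mkdtemp(prefix="grod_triage_")
    for rel in ("Documents/budget.xlsx" + ENCRYPTED_EXT,
                "Documents/notes.docx" + ENCRYPTED_EXT,
                "Pictures/holiday.jpg" + ENCRYPTED_EXT,
                "Pictures/untouched.png"):          # one file the malware did not reach
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 16)                  # opaque stand-in for encrypted bytes
    for folder in ("Documents", "Pictures"):
        with open(os.path.join(root, folder, note_name), "w") as fh:
            fh.write("constructed ransom-note stand-in\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        result = scan_tree(root)
        for folder, count in sorted(result["per_folder"].items()):
            flag = "note present" if folder in result["notes"] else "no note"
            print(f"{folder}: {count} encrypted file(s), {flag}")
        print("Request from backup:", ", ".join(restore_list(result)))
    finally:
        shutil.rmtree(root)
```

Point `scan_tree` at the real root (a drive letter or share) and pass the note name actually observed on the host; the `encrypted` list doubles as the record of what to delete once the backup copies are back in place.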