GrodexCrypt Ransomware

What is GrodexCrypt Ransomware?

Do NOT open random spam emails because you might invite GrodexCrypt Ransomware by doing so. If you let this infection into your operating system and allow it to encrypt your files, you will find yourself in a predicament. This threat encrypts files and demands that a ransom be paid. Well, can you just pay the ransom and be done with the whole thing? Unfortunately, we cannot guarantee this because, in most cases, ransomware creators do not care about providing their victims with decryptors. All they care about is the money, and they are likely to disappear once they get it. The information that the creator of the threat displays in a window entitled “GrodexCrypt” is also meant to make you think that the devious infection will disappear once you pay the ransom. Of course, that is not the case, and even if you get your files decrypted, you must not forget to delete GrodexCrypt Ransomware. The Anti-Spyware-101.com research team has thoroughly researched this malicious threat in our internal lab, and the information in this article represents the findings.

How does GrodexCrypt Ransomware work?

We warned you in the beginning that the devious GrodexCrypt Ransomware can slither into your PC when you open spam emails. In fact, you would have to execute a corrupted spam email attachment to unleash this infection. If the launcher is executed, it does not take long for the ransomware to start encrypting your files. An encryption key should be sent from a remote server, where a decryption key should be stored as well. Needless to say, you cannot access this server and obtain the key yourself, and so the decryptor is in the hands of cyber criminals. To make it easier for you to spot the encrypted files, the infection adds the word “Lock.” to the front of their names, but do not waste time removing this marker because it is not really linked to the encryption, and your files will remain encrypted even if all of them regain their usual names. The same marker is used by Aviso Ransomware and Mircop Ransomware, both of which come from the same family as GrodexCrypt Ransomware. Note that we have already posted removal guides for both of these infections.
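To scope the damage without touching the files, the “Lock.” marker described above can be used to build an inventory. The following is an added example, not code from the original article or its research team; the function names and the sample directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = "Lock."  # word the article says is added to the front of encrypted file names


def inventory_locked_files(root):
    """Walk root read-only and return one record per file whose name starts with MARKER."""
    records = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.startswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip rather than abort the sweep
            records.append({
                "path": path,
                "original_name": name[len(MARKER):],  # name before the marker was added
                "size": st.st_size,
                "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc),
            })
    return records


def summarize(records):
    """Count affected files, group them by original extension, report the mtime span."""
    if not records:
        return {"count": 0, "by_extension": {}, "first_modified": None, "last_modified": None}
    exts = Counter(os.path.splitext(r["original_name"])[1].lower() or "(none)" for r in records)
    times = [r["modified"] for r in records]
    return {"count": len(records), "by_extension": dict(exts),
            "first_modified": min(times), "last_modified": max(times)}


def build_constructed_sample(root):
    """Create a small constructed directory tree for the demo (not real victim data)."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Lock.report.docx", "notes.txt", os.path.join("Pictures", "Lock.cat.JPG"),
                os.path.join("Pictures", "Locksmith.png")):  # last one must NOT match
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample bytes")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(summarize(inventory_locked_files(tmp)))
```

The script only reads file metadata and never renames anything. A legitimate file whose name happens to begin with “Lock.” would also be listed, so review the inventory before acting on it.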

Soon after the encryption is fully completed, GrodexCrypt Ransomware displays a window containing the ransom message. The message states that photos, videos, documents, and other files were encrypted, and that you have 48 hours to pay the 50 USD ransom. At the bottom of the message, you see a Bitcoin Address (16mFFW1RE9DanwbHMVYM1wBUHZczXATd2X) to which you are expected to pay the ransom. Those who pay the ransom are also requested to email their unique ID numbers to stysla@protonmail.com. If you choose to follow cyber criminals’ instructions (not recommended), create a new email address to ensure that your normal email address does not get recorded. The message also includes an FAQ and a guide on how to pay the ransom. Some information in these sections is misleading, and you should not believe that the ransomware will remove itself or that the decryptor will be destroyed if you delete it. In general, we do not recommend trusting anything that the creator of GrodexCrypt Ransomware says because it could all be lies.

How to delete GrodexCrypt Ransomware

If your files were encrypted by GrodexCrypt Ransomware, you need to think about your next move carefully. If you find a legitimate file decryptor that frees your files, do not forget that the ransomware itself must be eliminated anyway. If you decide you want to pay the ransom, and your files are decrypted – which is unlikely to happen – you must remove GrodexCrypt Ransomware as well. That is not very hard to do because there is only one file that you must erase: the launcher file. If you know where the file is, eliminate it immediately. If you do not, employ a tool that will erase it automatically. You also have to think about protecting your system further because this ransomware is only one of the many infections that attack vulnerable systems. If you employ a legitimate anti-malware tool, you will not need to worry about the removal of existing threats or the security of your operating system, and so we strongly recommend considering this option.

Removal Guide

  1. Right-click the [unknown name].exe file that is the launcher.
  2. Delete the file and immediately Empty Recycle Bin.
  3. Perform a full system scan using a legitimate malware scanner.