dfab

.grod Ransomware infection


Hello.

Yesterday my laptop was infected with ransomware. When I realized this it was too late; literally thousands of files had been encrypted with the .grod extension. So far I seem to have removed it; the associated programs have been removed through a combination of Emsisoft, Kaspersky, Microsoft and GridinSoft anti-malware. The laptop is working, though I've been carrying out system scans for the past 24 hours, barely getting any sleep in.

File extensions compromised include... well, just about every single one. Images (jpg, bmp, png, gif), documents (docx, pdf, txt, html), image editing files (for Affinity Photo and Designer, for instance), music (mp3, spf), fonts, executables, etc. I estimate very close to 100% of my content has been rendered useless, and this is particularly damaging because I work remotely and am now locked out of work done for my clients. System restore did nothing. Ironically, the ransomware attack happened while I was trying to download an antivirus.

Investigating what I could, this is a variant of the Djvu/STOP ransomware family, but it's a fairly recent version and supposedly it features an online ID. I am not paying these people in any way. I would like to know, however, what the odds are that this will be able to be decrypted in the near future. The Emsisoft STOP Ransomware Decryptor I've downloaded does not seem able to decrypt any file, and I can't find any file I can run through the file pair checkup (it keeps telling me the original file is encrypted even when I'm using files from before the attack).

So far, the information I have is VirusTotal's information.

I'm attaching the ransom note (_readme.txt), which has been duplicated across many folders, and a link to a Filebin folder with several encrypted files of various extensions and sizes (ttf, afphoto, mp3, txt, tga, bmp).

_readme.txt
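As an added triage example (not code from this thread, from Emsisoft, or from the decryptor), the script below inventories a directory tree the way a responder would before deciding what to restore from backup: it tallies `.grod` files by their original extension and locates every copy of the `_readme.txt` note, without opening or modifying any encrypted file. The suffix and note name are the ones reported in the post; the sample tree is constructed inline.

```python
"""Scope a STOP/Djvu-style infection: count encrypted files per original
extension and list ransom-note locations. Read-only; nothing is decrypted."""
from collections import Counter
from pathlib import Path
import tempfile

ENCRYPTED_SUFFIX = ".grod"   # suffix reported in the thread
NOTE_NAME = "_readme.txt"    # ransom note name reported in the thread


def inventory(root):
    """Return (counts by original extension, note paths, untouched file count)."""
    counts, notes, untouched = Counter(), [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name == NOTE_NAME:
            notes.append(str(path))
        elif path.suffix == ENCRYPTED_SUFFIX:
            # "brief.docx.grod" -> stem "brief.docx" -> original ext ".docx"
            counts[Path(path.stem).suffix.lower() or "(none)"] += 1
        else:
            untouched += 1          # still has its normal name; worth checking
    return counts, notes, untouched


def build_sample_tree(root):
    """Constructed sample tree (not real victim data) for demonstration."""
    root = Path(root)
    (root / "work").mkdir(parents=True, exist_ok=True)
    (root / "work" / "logo.afphoto.grod").write_bytes(b"\x00" * 16)
    (root / "work" / "brief.docx.grod").write_bytes(b"\x00" * 16)
    (root / "work" / NOTE_NAME).write_text("ATTENTION! (constructed note)\n")
    (root / "song.mp3.grod").write_bytes(b"\x00" * 16)
    (root / "notes.txt").write_text("still readable\n")
    (root / NOTE_NAME).write_text("ATTENTION! (constructed note)\n")
    return root


def run_demo():
    """Inventory the constructed tree; returns (ext counts, #notes, #untouched)."""
    with tempfile.TemporaryDirectory() as tmp:
        counts, notes, untouched = inventory(build_sample_tree(tmp))
        return dict(counts), len(notes), untouched


if __name__ == "__main__":
    counts, note_total, untouched = run_demo()
    for ext, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{ext:10} {n}")
    print(f"ransom notes: {note_total}, files without {ENCRYPTED_SUFFIX}: {untouched}")
```

Pointing `inventory()` at the real user profile gives a per-extension loss report to compare against whatever backups exist; files that still lack the suffix are the first candidates to verify as intact.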


This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
