
Godox Ransomware

The Godox Ransomware is a threat that can cause severe damage to the systems it manages to infiltrate. This malware is designed specifically to lock its victims' files, making them completely unusable and inaccessible, as part of an extortion scheme. The attackers offer to provide a decryption tool and key, but only after being paid a sizeable ransom. Analysis by infosec researchers has revealed that the Godox Ransomware is a variant from the VoidCrypt malware family.

When it runs, Godox impacts documents, archives, databases, images, photos and many other file types. The original name of each file is modified significantly. First, the threat assigns an ID string to each victim, and that string is added to the names of all locked files. Then, an email address controlled by the attackers (Folperdock@gmail.com, in this case) is appended. Finally, '.Godox' is added as a new file extension.

Ransom Note's Overview

The threat will create two identical ransom notes on the desktop of the invaded system. One will be displayed in a pop-up window created via a '.Decryption-Guide.HTA' file, while the other will be placed inside a text file named 'Decryption-Guide.txt.' According to the ransom-demanding messages, victims are expected to send one encrypted file to be unlocked for free. They are also supposed to find a file named either 'RSAKEY.KEY' or 'RSAKEY-SE-24r6t523' that the Godox Ransomware should have created in the C:/ProgramData folder of the system. Without this file, even the cybercriminals will be unable to restore the encrypted data.
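The indicators described above (the '.Godox' extension, the contact address in file names, the two note files and the key file in C:/ProgramData) can be checked against a file listing during triage. The following Python sketch is an added example, not code from the original write-up; the sample paths are constructed, and the exact layout of the ID and address inside a renamed file is an assumption, so the matcher relies only on the address and the extension.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the write-up above.
CONTACT = "folperdock@gmail.com"
EXTENSION = ".godox"
NOTE_NAMES = {"decryption-guide.txt", ".decryption-guide.hta"}
# 'RSAKEY.KEY' or 'RSAKEY-SE-<suffix>'; an alphanumeric suffix is an assumption
# generalised from the single example 'RSAKEY-SE-24r6t523' given in the note.
KEY_RE = re.compile(r"rsakey(\.key|-se-[0-9a-z]+)", re.IGNORECASE)

# Constructed sample listing; the ID placeholder and name layout are illustrative.
SAMPLE_LISTING = [
    r"C:\Users\alice\Desktop\Decryption-Guide.txt",
    r"C:\Users\alice\Desktop\.Decryption-Guide.HTA",
    r"C:\Users\alice\Documents\budget.xlsx.CASE-ID-PLACEHOLDER.Folperdock@gmail.com.Godox",
    r"C:\ProgramData\RSAKEY-SE-24r6t523",
    r"C:\Users\alice\Documents\notes.txt",
]


def classify(path):
    """Return an indicator category for one Windows path, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if KEY_RE.fullmatch(name) and p.parent.name.lower() == "programdata":
        return "key_file"
    if name in NOTE_NAMES:
        return "ransom_note"
    if name.endswith(EXTENSION):
        # The extension alone is weaker evidence than extension plus contact address.
        return "encrypted" if CONTACT in name else "encrypted_unconfirmed"
    return None


def triage(paths):
    """Group matching paths by category and flag a missing key file."""
    hits = {}
    for path in paths:
        category = classify(path)
        if category:
            hits.setdefault(category, []).append(path)
    locked = "encrypted" in hits or "encrypted_unconfirmed" in hits
    # The key file must be preserved: the note states recovery depends on it.
    return {"hits": hits, "preserve": hits.get("key_file", []),
            "key_missing": locked and "key_file" not in hits}


if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

Any path returned under `preserve` should be copied to the evidence set before the host is reimaged or cleaned.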

The full text of the note is:

'Your Files Are Has Been Locked

Your Files Has Been Encrypted with cryptography Algorithm

If You Need Your Files And They are Important to You, Dont be shy Send Me an Email

Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored

Make an Agreement on Price with me and Pay

Get Decryption Tool + RSA Key AND Instruction For Decryption Process

Attention:

1- Do Not Rename or Modify The Files (You May loose That file)

2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )

3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files

4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened

Your Case ID :

OUR Email :Folperdock@gmail.com'
