
GrodexCrypt Ransomware

By GoldSparrow in Ransomware

First discovered in June of 2017, the GrodexCrypt Ransomware is a ransomware Trojan based on Mircop, a ransomware Trojan that had been active in the months before the GrodexCrypt Ransomware appeared. The GrodexCrypt Ransomware carries out a typical ransomware tactic: it encrypts the victim's files using a powerful encryption method and then requires that the victim pay a ransom to recover the affected files. The GrodexCrypt Ransomware marks the files compromised in the attack with the string 'Lock.', which is added to the beginning of each file's name (this is uncommon, since most ransomware Trojans add a new extension to the end of each file's name rather than the beginning).

Although Not Expensive, PC Users Shouldn't Pay the GrodexCrypt Ransomware Ransom

The GrodexCrypt Ransomware demands a ransom payment of $50 USD in BitCoins to restore the affected files. Although this amount is a lot less than what most ransomware Trojans demand (typically anywhere between $500 and $2000 USD), PC security researchers strongly advise computer users to refrain from paying the GrodexCrypt Ransomware ransom. The con artists will seldom keep their word and deliver the decryption key after the ransom is paid. Furthermore, paying the GrodexCrypt Ransomware ransom allows con artists to continue developing and creating ransomware like the GrodexCrypt Ransomware. Because of the strength of the GrodexCrypt Ransomware's encryption, the best protection against this ransomware Trojan is to keep file backups on an external memory device or the cloud.

How the GrodexCrypt Ransomware Carries out Its Attack

The GrodexCrypt Ransomware may be delivered to the victims' computers through corrupted DOCX or PDF files that include corrupted macro scripts (which allow the GrodexCrypt Ransomware to be downloaded and installed). Once on the victim's computer, the GrodexCrypt Ransomware will use a strong encryption algorithm to encrypt the victim's files. After the encryption is over, the GrodexCrypt Ransomware will deliver its ransom note, demanding that the victim pay a ransom to recover the compromised files. The following is the full text of the GrodexCrypt Ransomware's ransom note:

'Your computer files have been encrypted. Your photos, videos, documents, etc....
But, don't worry! You can still save your files.
You have 48 hours to pay 50 USD in Bitcoins to get the decryption key.
After 48 all the files will be deleted and the decryption key will be destroyed.
If you do not have bitcoins Google the website buybitcoinworldwide or localbitcoins
Purchase 50 American Dollars worth of Bitcoins.
Send to the Bitcoins address specified.
Within minutes of receiving your payment your computer will receive the decryption application and return to normal.
Try anything funny and the decryption key will be destroyed along with your whole computer.
As soon as you have paid, please send email to STYSLA@PROTONMAIL.COM with your unique code: "7C8" as we receive the email we will send you the decryption application.
Thank you
How to pay us in bitcoins:
Useful site:
1. Visit the site above
(2. Login or create an account if necessary).
3. Buy the amount of bitcoins (50USD in BTC) you need to pay and send them to the address given in this window.
(4. You can go to and search for your address to see whether the bitcoins are received).
5. If the bitcoins are on the address, send email to and we will send you the decryption application.
6. Your decryption application is now received, just run it and it will start decrypting your files.
7. Your files will be restored and the program will delete itself.
Q: Is it possible to decrypt my files without paying?
A: No
Q: What if I try to remove this software?
A: Your decryption application will be destroyed and
all of your files will be deleted
Q: What if I dont have bitcoins?
A: We have clear instructions how to buy bitcoins and
send them to us.'

Protecting Your Data from the GrodexCrypt Ransomware Attacks

The best protection against ransomware Trojans like the GrodexCrypt Ransomware is to have file backups on an external memory device. Having backup copies of your files completely negates the strategy the GrodexCrypt Ransomware uses to make a profit. In fact, if enough computer users had file backups, attacks like the GrodexCrypt Ransomware would disappear, since it would no longer be feasible for con artists to extort computer users in this manner.
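
When restoring from backup, the 'Lock.' file-name prefix described above can be used to inventory the affected files and match each one to its clean copy. The following Python script is an added example, not part of the original article; the function names, the assumption that the backup mirrors the live directory layout, and the sample files are all constructed for illustration, and a name prefix alone is a weak indicator, so every hit should be reviewed.

```python
import os
import tempfile
from pathlib import Path

PREFIX = "Lock."  # marker the article says is prepended to each encrypted file's name


def find_marked_files(root):
    """Yield (path, original_name) for each file under root whose name starts with PREFIX."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # Require something after the prefix so a file literally named "Lock." is skipped.
            if name.startswith(PREFIX) and len(name) > len(PREFIX):
                yield Path(dirpath) / name, name[len(PREFIX):]


def restore_plan(root, backup_root):
    """Map each marked file to its clean backup copy, or None if the backup lacks it.

    Assumption: backup_root mirrors the directory layout of root.
    """
    root, backup_root = Path(root), Path(backup_root)
    plan = {}
    for marked, original in find_marked_files(root):
        candidate = backup_root / marked.parent.relative_to(root) / original
        plan[marked] = candidate if candidate.is_file() else None
    return plan


def build_demo_tree(base):
    """Constructed sample data: two marked files, one untouched file, one backup copy."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    for d in (live / "docs", live / "pics", backup / "docs"):
        d.mkdir(parents=True)
    (live / "docs" / "Lock.report.docx").write_bytes(b"constructed ciphertext")
    (live / "pics" / "Lock.photo.jpg").write_bytes(b"constructed ciphertext")
    (live / "docs" / "notes.txt").write_text("untouched")
    (backup / "docs" / "report.docx").write_text("clean copy")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_demo_tree(tmp)
        for marked, source in sorted(restore_plan(live, backup).items()):
            print(f"{marked} <- {source or 'NO BACKUP COPY'}")
```

Files reported with no backup copy are the ones to set aside unmodified rather than delete.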

