Grod Ransomware

The Grod Ransomware is a newly uncovered data-locking Trojan. Researchers who studied it found that the Grod Ransomware belongs to the notorious STOP Ransomware family – the most active ransomware family in 2019.

Propagation and Encryption

It is not clear how the Grod Ransomware is being propagated. Some believe that its creators are using mass spam email campaigns, fake software updates and bogus pirated copies of legitimate applications. However, the exact infection vector has not been pinpointed.

Once the Grod Ransomware compromises the targeted host, it scans all the files stored on the computer. It targets a wide variety of file types, as this ensures more damage: the more files the Grod Ransomware locks, the greater the chance that the user pays up. When the scan is through, the Grod Ransomware starts its encryption process, applying an encryption algorithm to lock the targeted files. You will notice that the extensions of the targeted files have been changed. The Grod Ransomware appends a '.grod' extension, which means that a file previously called 'car.jpeg' will be renamed to 'car.jpeg.grod'.

The Ransom Note

Next, the Grod Ransomware will drop a ransom note on the user's desktop. The name of the note is '_readme.txt'. In it, the attackers state that the ransom fee is $980, but all victims who contact them in less than 72 hours will get a 50% discount, which drops the price to $490. They also offer to unlock one file free of charge as proof that they are capable of reversing the damage. There are two email addresses where the victim is required to contact the attackers – 'salesrestoresoftware@firemail.cc' and 'salesrestoresoftware@gmail.com'.

We would advise you against getting in touch with cyber crooks, as they will likely never deliver on their end of the deal. Use an anti-virus tool to clean your system.
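The two on-disk indicators described above (the appended '.grod' extension and the '_readme.txt' note with its contact addresses) are enough to inventory the damage on a system. The read-only triage script below is an added example, not part of the original article; its function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators quoted in the article above.
LOCKED_SUFFIX = ".grod"
NOTE_NAME = "_readme.txt"
CONTACTS = ("salesrestoresoftware@firemail.cc", "salesrestoresoftware@gmail.com")


def triage(root):
    """Walk root read-only and inventory locked files and ransom notes."""
    report = {"locked": [], "locked_bytes": 0, "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # 'car.jpeg.grod' -> original name 'car.jpeg'
                report["locked"].append((str(path), name[: -len(LOCKED_SUFFIX)]))
                report["locked_bytes"] += path.stat().st_size
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(errors="ignore").lower()
                except OSError:
                    text = ""
                # Name alone is weak evidence; a contact address from the article confirms it.
                report["notes"].append((str(path), any(c in text for c in CONTACTS)))
    return report


def demo():
    """Triage a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("Pictures", "Desktop", "Docs"):
            (root / d).mkdir()
        (root / "Pictures" / "car.jpeg.grod").write_bytes(b"\x00" * 128)
        (root / "Pictures" / "intact.txt").write_text("untouched")
        (root / "Desktop" / NOTE_NAME).write_text("write to salesrestoresoftware@firemail.cc")
        (root / "Docs" / NOTE_NAME).write_text("unrelated project readme")
        return triage(root)


if __name__ == "__main__":
    result = demo()
    print(len(result["locked"]), "locked files,", result["locked_bytes"], "bytes")
    for note, confirmed in result["notes"]:
        print("note:", note, "confirmed" if confirmed else "name match only")
```

Pointing triage() at a user profile or a mounted disk image gives the list of locked files with their original names, which is the list to check against backups.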

1 Comment

Hello, I was infected by the virus when downloading a program from a site I did not check. I would like help and to know if there is any way to recover the files damaged by .GROD. I lost 1TB of files, but nothing very important, except about 50gb in a of folders
