Threat Database Ransomware WORLD GRASS Ransomware

WORLD GRASS Ransomware

Cybercriminals are using a destructive malware threat to lock users out of their own data. The threat is tracked as the WORLD GRASS Ransomware, and its encryption algorithm is strong enough to make the restoration of the affected files without assistance from the attackers nearly impossible. Victims will be left unable to open or use any of the documents, PDFs, pictures, databases, archives, etc. that were stored on the infected device. It should be noted that the WORLD GRASS Ransomware also can be encountered as EarthGrass and EarthGress. 

Among its intrusive actions, the threat also will modify the names of the files it encrypts. More specifically, victims will notice that the locked files now have '.34r7hGr455' appended to their original names. Other changes brought on by the presence of the threat include changing the current desktop background with a new image and creating a new text file named 'Read ME (Decryptor).txt.'

Demands Overview

The new desktop wallpaper will display a brief ransom-demanding message. In it, the attackers state that affected users will have to pay a ransom of $100. The message also instructs users to contact the hackers by messaging the '' email address.

The text file provides additional details. Reading through the ransom note contained within it reveals that the $100 ransom must be paid using the Bitcoin cryptocurrency. The funds have to be transferred to the provided crypto-wallet address. Afterward, the affected users must provide evidence of the transactions in the form of a screenshot. The hackers also demand to receive relevant details about the transaction as well as the impacted computer. All of the demanded information is supposed to be sent to the same email address as the one mentioned in the desktop image. 

The full text of the instructions delivered in the text file is:




All your files have been encrypted due to a security problem with your PC.

If you want to restore them do this work,

1. Send 100$ BTC On this Address :-

Bitcoin Address = bc1q03ew0a5e4ly5k09rkfdgk4w5ga5x23x5r0uka2

2. After Sending The Funds Write us to the e-mail :-

Email Address =

(With The Transection Screenshot And Transection Details And Your Computer Details.)


* Do not rename encrypted files.

* Do not try to decrypt your data using third party software, it may cause permanent data loss.

* Decryption of your files of the help of third parties may cause increased price(they add their fee to our) or you can become a victim of a scam.

The message displayed as desktop background is:


!! Your Files Are Encrypted !!

If you want to restore your files write us to the e-mail : -

Price = 100$'


Most Viewed