Godra Ransomware
Posted: December 19, 2017
Threat Metric
| Ranking: | 18,602 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 16 |
| First Seen: | November 10, 2022 |
| Last Seen: | September 8, 2023 |
| OS(es) Affected: | Windows |
The Godra Ransomware is a file-locker Trojan that can encrypt digital media to keep you from opening it. While it's ongoing, this attack operates as a clandestine, background process, although the symptoms afterward include text-based ransoming messages and pop-ups. Malware experts suggest backing up media to other devices for safekeeping and letting anti-malware software handle the removal of the Godra Ransomware.
Fake Financial Agencies Exerting Too Much Agency
Croatia is far from one of the most often-targeted nations for cyber-hoaxes but does experience non-negligible attention from operations like those of the Marlboro Ransomware, the WinUpdatesDisabler Ransomware, the DetoxCrypto Ransomware or the Serpico Ransomware. The latest Trojan to campaign in this region is the Godra Ransomware, which conducts archetypal encryption attacks so that it can later sell the file-unlocking application to any victims. Malware experts are tracing these incidents to exposure to forged e-mail messages.
Threat actors are spamming Croatian e-mail accounts with fake, regulatory enforcement notifications supposedly from FINA, the Croatian Financial Agency. These messages include attachments with PDF-formatted names, but the attachment isn't a PDF document. Opening the file, which is an executable, drops the Godra Ransomware onto the computer to commence its data-locking payload.
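A mail-gateway check for the disguise described above, as an added example that is not part of the original article: it flags attachments that present themselves as PDFs but carry an executable extension or Windows executable content. The function names, the extension list and the sample message are constructed for illustration, and the check assumes the lure name contains "pdf", since the article does not give the exact filenames.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_attachment(filename, payload):
    """Return reasons why an attachment presenting itself as a PDF looks disguised."""
    name = filename.lower().strip()
    if "pdf" not in name:
        return []  # only attachments that present themselves as PDFs are in scope
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("name mentions PDF but the real extension is " + ext)
    if payload[:2] == b"MZ":
        reasons.append("content starts with the MZ header of a Windows executable")
    if ext == ".pdf" and b"%PDF-" not in payload[:1024]:
        reasons.append("named .pdf but no %PDF- header in the first 1024 bytes")
    return reasons


def scan_message(raw):
    """Map each suspicious attachment filename in a raw RFC 5322 message to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        reasons = classify_attachment(part.get_filename() or "",
                                      part.get_payload(decode=True) or b"")
        if reasons:
            findings[part.get_filename()] = reasons
    return findings


def build_sample():
    """Constructed test message: two disguised attachments and one genuine PDF stub."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample notice"
    msg.set_content("See attached.")
    for name, data in [("notice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),
                       ("statement.pdf", b"MZ\x90\x00" + b"\x00" * 60),
                       ("report.pdf", b"%PDF-1.4\n%%EOF\n")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

Checking the content header as well as the name matters because a renamed executable keeps its MZ signature even when the visible extension is `.pdf`.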
The Godra Ransomware uses what malware analysts identify as an AES-based cipher for blocking different kinds of media, which can include documents, pictures, spreadsheets, slideshows, archives or general databases. The routine keeps these files from opening in other programs, and this locking symptom is only curable via a separate application that the threat actors are withholding for ransom. Currently available information places the cost at two thousand Euros in Bitcoins.
Going Agnostic with Your Media
The Godra Ransomware creates pop-ups to alert the victim as soon as it finishes blocking all of the targeted files and provides additional details for the ransoming negotiations in one or more Notepad files. Unlike most threat actors, the Godra Ransomware's operators are withholding the decryption program, instead of just the key, which may complicate any possibilities for investigating free decryption solutions. While malware experts strongly discourage paying the ransom, the Godra Ransomware's threat actors are providing a free, one-time 'demo' file restoration that users may wish to use for restoring any particularly valuable files.
Without further investigation into its encryption protocols, malware experts can't promise that reversing the Godra Ransomware's cipher is practical or possible for free. Backups on cloud services or portable drives can give any users recovery options that don't require the unlocking of any enciphered content. Equally pertinent is the fact that most anti-malware solutions, when they're active, should detect and remove the Godra Ransomware immediately even if the user runs the Trojan's disguised executable.
Croatian Trojans like the Godra Ransomware, the MotoxLocker Ransomware, and Serpico Ransomware use e-mail and other, traditional exploits to gain access to a computer automatically. A PC is only as safe as the files one chooses to run on it, and looking carefully at everything you click is important.