
Grod Ransomware

Posted: November 14, 2019

The Grod Ransomware is a file-locking Trojan from the family of the STOP Ransomware. The Grod Ransomware can encrypt your digital media securely and uses that leverage to demand ransom payments. Backups, when stored safely, can offer a reliable solution to its attacks, and many anti-malware programs can remove the Grod Ransomware properly.

Shiny New Numbers on Slowly-Aging Trojan Attacks

The Ransomware-as-a-Service that's making a name for itself worldwide is showing off another offspring to victims in Turkey. The Grod Ransomware has little to set itself apart from the Coot Ransomware, the Peet Ransomware, the Werd Ransomware, or the Reco Ransomware, but it's version 0183 of the STOP Ransomware collective. Although this geographical choice is a little far abroad from the family's usual 'stomping grounds' of India and Malaysia, it's not unheard of – and a reminder that file-locking Trojans can happen anywhere.

The Grod Ransomware is still a Windows-based program and retains the attacks for which its relatives are most notorious: dual-algorithm encryption using both AES and RSA. This feature lets the Grod Ransomware block media content on the PC, such as JPG pictures, documents or even archives. Victims can usually tell different infections apart by the file name changes, such as the Grod Ransomware's 'grod' extension.

With the media locked and the Restore Points removed via CMD commands, the Grod Ransomware generates a ransom note in a Notepad text file. Apart from a change in the family's ransoming address, malware experts find the Grod Ransomware's message worded identically to past versions. Paying the ransom remains inadvisable for any victim, since any criminal could withhold their unlocking help while still taking the money.

Wearing Out Factory-Pressed Trojans

The most efficient means of counteracting a file-locking Trojan always involves establishing a backup beforehand, in a location that the Trojan can't encrypt or delete. Backups on DVDs, USBs, or a cloud service should remain intact and help with recovering everything that the Grod Ransomware 'locks.' Users who disable their Internet connections during the Grod Ransomware's initial setup also may have a better chance of recovering media since the STOP Ransomware family favors an online, downloadable protocol for its encryption security.

The Grod Ransomware infections also harbor additional risks. The STOP Ransomware family is sometimes in the company of spyware, such as Mimikatz, a utility that collects passwords and is connected with numerous threat actors' campaigns. Ordinarily, such an attack supports the file-locking Trojan by letting an attacker compromise other connected systems within a business or government network. Users should, accordingly, change passwords ASAP after resolving infections appropriately.

Malware experts recommend removing the Grod Ransomware with anti-malware tools first, to stop any ongoing attacks. After the disinfection, media recovery can commence via backups or other means.
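The recovery step above can be planned before anything is overwritten. The following is an added example, not part of the original article: it inventories files carrying the 'grod' extension and checks which have an intact copy in a backup. The function names, the assumption that the extension is appended to the original file name, and the assumption that the backup mirrors the same folder layout are all illustrative.

```python
import os
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".grod"  # extension named in the article


def plan_recovery(affected_root, backup_root):
    """Pair each locked file with its backup copy, if one exists.

    Assumptions (not from the article): a locked file is the original
    name with '.grod' appended, and the backup mirrors the affected
    tree's relative layout.
    Returns (recoverable, missing): recoverable holds
    (locked_path, backup_path) pairs, missing holds locked paths.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    recoverable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            original_name = name[: -len(LOCKED_SUFFIX)]
            if not name.lower().endswith(LOCKED_SUFFIX) or not original_name:
                continue  # untouched file, or a file named only '.grod'
            locked = Path(dirpath) / name
            rel = locked.relative_to(affected_root).with_name(original_name)
            candidate = backup_root / rel
            if candidate.is_file():
                recoverable.append((locked, candidate))
            else:
                missing.append(locked)
    return sorted(recoverable), sorted(missing)


def build_demo_tree(base):
    """Constructed sample data: two locked files, only one backed up."""
    affected, backup = Path(base) / "affected", Path(base) / "backup"
    (affected / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    (affected / "docs" / "report.docx.grod").write_bytes(b"\x00" * 16)
    (affected / "photo.jpg.grod").write_bytes(b"\x00" * 16)
    (affected / "notes.txt").write_text("untouched")
    (backup / "docs" / "report.docx").write_bytes(b"original report")
    return affected, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, lost = plan_recovery(*build_demo_tree(tmp))
        for locked, src in ok:
            print(f"restore from {src} (locked copy: {locked})")
        for locked in lost:
            print(f"no backup found for {locked}")
```

The function only reads the two trees and returns a plan; copying files back is left to the operator once the disinfection is confirmed.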

The Grod Ransomware doesn't have much new to show off, but that's not a good cause for celebration. File-locking Trojans will continue their business strategy until it fails, and victims stop paying them for it.
