Group Ransomware

Posted: September 5, 2019

The Group Ransomware is one of the many file-encryption Trojans that circulate on the Internet, waiting for an opportunity to compromise your system. While some malware attacks do not cause long-lasting damage, attacks by threats like the Group Ransomware do. Ransomware uses a sophisticated file-encryption routine whose ultimate goal is to prevent the victim from accessing their files, and the only way to undo this is to run a special decryptor that restores the files. Unfortunately, a free decryptor for the Group Ransomware is not available, so victims of this threat may need to look into other data recovery options, which may not always be successful.

The Dharma Ransomware Family Continues to Grow

Cybersecurity experts have identified a long list of similarities between the Group Ransomware and the Dharma Ransomware, so it is safe to assume that the Group Ransomware belongs to the Dharma family of file-lockers.

All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL cybergroup1@aol.com
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL:cybergroup1@aol.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

When this threat is initialized on a computer, it immediately begins encrypting files that are used regularly – documents, images, videos, archives, spreadsheets, databases, songs, etc. Whenever it locks a file, the Group Ransomware will rename the original file by adding the extension '.id-.[cybergroup1@aol.com].group.'

Attackers Offer Decryptor in Exchange for Bitcoin

The criminals responsible for the development of the Group Ransomware will not help you for free, so contacting them will not result in anything positive. All victims of the Group Ransomware will find two ransom notes on their desktop – one is usually stored in the file 'info.hta' while the other can be seen by opening 'RETURN FILES.txt.' Their contents are nearly identical, and their sole purpose is to scare the user into agreeing to fulfill all of the demands of the attackers. Of course, the crooks behind the Group Ransomware are looking to receive a hefty compensation, and this is why they offer to sell a decryption service in exchange for a significant Bitcoin payment. Do not accept this offer – the criminals may take the money and ignore you.

If you suspect that the Group Ransomware has taken your files hostage, then use an antivirus program to eradicate the malicious application. Once this task is taken care of, you can experiment with data recovery software, but do not forget that the only guaranteed way to resolve the issue entirely is to restore your files from a backup.
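To confirm which folders were hit before cleaning up or restoring from backup, the indicators named above (the appended extension and the two ransom-note file names) can be searched for directly. The following read-only scanner is an added example, not part of the original article; it assumes the victim ID shown in the note (hexadecimal, like 1E857D00) sits between 'id-' and '.[' in the appended extension, and its function names are illustrative.

```python
import os
import re
from collections import defaultdict

# Indicators taken from the article text (compared case-insensitively).
NOTE_NAMES = {"info.hta", "return files.txt"}
# Assumption: the victim ID (hex, as in the note's "1E857D00") sits between
# "id-" and ".["; an empty ID is allowed so the article's literal form matches.
LOCKED_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Fa-f]*)\.\[cybergroup1@aol\.com\]\.group$",
    re.IGNORECASE,
)

def classify(filename):
    """Return ('note', None, None), ('locked', original_name, victim_id) or None."""
    if filename.lower() in NOTE_NAMES:
        return ("note", None, None)
    m = LOCKED_RE.match(filename)
    if m:
        return ("locked", m.group("orig"), m.group("vid").upper())
    return None

def scan(root):
    """Walk root and summarise indicator hits without modifying any file."""
    report = {"notes": [], "locked": defaultdict(list)}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            if hit[0] == "note":
                report["notes"].append(path)
            else:
                # Group renamed files by victim ID; keep the pre-rename name.
                report["locked"][hit[2]].append((path, hit[1]))
    return report

if __name__ == "__main__":
    import sys
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for note in result["notes"]:
        print("ransom note:", note)
    for vid, items in result["locked"].items():
        print(f"victim ID {vid or '(none)'}: {len(items)} renamed file(s)")
        for path, orig in items[:5]:
            print(f"  {path}  (was: {orig})")
```

The recovered original names give a list of what to pull from backup; the scan only reads directory entries and leaves the encrypted files untouched.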
