Researchers Report on Godra Ransomware
Godra Ransomware is a newly released ransomware by malware researchers that surfaced at the end of December 2017. According to it's sample, it has been reported that it primarily focused to infect user from the Croatia. But it does not mean that it cannot affect people from another countries. Soon, it will infect all System that mainly executed on Windows based platform. Before getting detailed information about this ransomware you have to know that it is not an ordinary ransomware infection. It mainly features 64-bit executable file while other ransomware feature with 32 but executables. When it comes to encryption, it uses AES encryption algorithm to encrypt all saved files including audios or videos, PDFs, documents, databases, images etc. The locked files are usually going to marked with the .godra file extension. On the successful encryption, it displays a ransom note on desktop screen which may seems as follow :
Is It Worthy To Pay Ransom Fee Asked By Godra Ransomware's Developer
Ransom note serves as a tricky things to attract more and more Windows user. In ransom note, hackers inform victim about file encryption and asks victims to pay around 2000 Euro which approximately equals to 0.124257 BTC. It also mentioned in ransom note that after the ransom payment, unique IDs are highly supposed to be sent to the cyber hacker's email address including [email protected] But paying money is not a wise decision to get files back because some of the System users reported in well reputed forum that hackers often ignore victims once ransom paid. The best method to get files back are backup and Shadow Volume copies. In the lack of such a solution or keep valuable data as well as PC safe for future, you must follow the provided instruction to delete Godra Ransomware from your PC without any delay.
Transmission Preferences of Godra Ransomware
According to the depth analysis by researchers, Godra Ransomware's payload is mainly spread over the Windows PC via malspam. The malspam has deliver an exe file named Prijedlog_za_ovrhu_urbr_220-2017.pdf.exe file. Judged on it's appearances most of the recipients may trust that such a message appear from the legitimate. By downloading .pdf file or opening of any spam messages will unknowingly infect your Operating System with such a ransomware infection. Therefore, it is highly suggested that you should not open any file. Besides malspam, such a ransomware can also infect your PC via bundling method, pirated software, junk mail attachments, infected external devices, P2P file sharing network etc. Apart from these distribution channels, creators of Godra Ransomware uses another deceitful ways to infect Windows Computer.
Follow Steps To Uninstall Godra Ransomware From PC
Step A: Know How to Reboot Windows PC in Safe Mode (This guide is meant for novice users).
Step B: Godra Ransomware removal Using System Restore.
Still, if you are facing problem in rebooting PC in Safe mode, opt for System Restore. Follow the steps given below. Press F8 continuously until you get Windows Advanced Options Menu on Computer Monitor. Now Choose Safe Mode with Command Prompt Option and Tap enter.
- In the Command Prompt Windows, you need to type this command : cd restore and Select Enter system-restore-1
- Now type rstrui.exe as command and press on Enter.
- This will open a new window to Restore System Files and Settings. Click on Next to proceed.
- Restore Point is to be selected from the date you want to restore back your system as it was earlier to Godra Ransomware attack.
Step C: Another method for recovering your decrypted files are by using file recovery software
If above methods are not successful you can go for file recovery software. It can be helpful in recovering your encrypted files as Godra Ransomware first makes a copy of original files and then encrypt it. After encryption it Uninstalls the original files. So there is high probability that these file recovery software can help you in recovering your original files.
Step D: Know How to Restore Shadow Copies of Encrypted Data
In certain cases, if Godra Ransomware has not Uninstalld the Shadow Copies of the data then it can be easily restored using ShadowExplorer. (Know how to install and use ShadowExplorer).