What is CryptoGod Ransomware?
CryptoGod is a new encoder which is focused on Italian-speaking users. CryptoGod encrypts the most important files on victim’s computer and then demands the ransom, that’s why it is called “ransomware”. Once your data is encrypted, they become unreadable and in fact useless. However, if you think that the transfer of money to cybercriminals might solve your problem, I’m sorry to be the one to tell you, but they are not going to help you. As experience shows that they usually go missing once payment is done.
CryptoGod Ransomware encodes users’ personal files using complicated encryption algorithm. It is easy to recognize by “.locked” extension which is added to each affected file. For example, file “myfamily.jpg” will turn into “myfamily.locked”. After this, ransomware creates TXT file – LEGGIMI.txt on the desktop where the user will find instructions to decrypt encrypted files:
ESEMPIO RANSOMWARE ESAMI DI STATO 2018 DI PATRIZIO NAPOLI 5a B SIA
INSERISCI IL CODICE TRANSAZIONE BITCOIN
INSERISCI LA TUA E-MAIL
INVIA DATI
----------
I TUOI FILE PERSONALI STANNO PER ESSERE CANCELLATI. LE TUE FOTO, VIDEO, DOCUMENTI ETC...
MA NON PREOCCUPARTI! SUCCEDERÀ SOLO SE NON SEGUI LE REGOLE.
HO GIÀ CRIPTATOI TUOI FILE, IN MODO CHE TU NON POSSA ACCEDERVI. OGNI ORA SELEZIONERÒ UNO DI LORO E LO CANCELLERÒ IN MODO PERMANENTE, DOPO 24 ORE LI CANCELLERÒ TUTTI, QUINDI NEMMENO IO SARÒ PIÙ IN GRADO DI RECUPERARLI.
SONO L'UNICO IN GRADO DI DECRIPTARE I TUOI DATI..
ORA, GUARDA I TUOI FILE, NON POTRAI DECRIPTARLI SENZA PAGARE.
LA CIFRA DA PAGARE PER RIAVERE I FILE È DI 300€ IN CODICI PAYSAFECARD.
PUOI INSERIRE DIRETTAMENTE QUI SOTTO I TUOI CODICI PAYSAFECARD, IL NOME DEL TUO PC ED UNA TUA E-MAIL PER INVIARLE IL CODICE DI DECRIPTAZIONE DEI FILE.
Translation into English:
EXAMPLE RANSOMWARE STATEMENT EXAMS 2018 OF PATRIZIO NAPOLI 5a B SIA
INSERT THE BITCOIN TRANSFER CODE
INSERT YOUR EMAIL
SEND DATA
----------
YOUR PERSONAL FILES ARE TO BE CANCELED. YOUR PHOTOS, VIDEOS, ETC DOCUMENTS ...
BUT DO NOT WORRY! IT WILL HAPPEN ONLY IF YOU DO NOT FOLLOW THE RULES.
I HAVE ALREADY CRIPED YOUR FILES, SO THAT YOU CAN NOT ACCESS YOU. EVERY HOUR I WILL SELECT ONE OF THEM AND I WILL CANCEL IT PERMANENTLY AFTER 24 HOURS I WILL CANCEL YOU ALL, THEREFORE I WILL NOT BE ABLE TO RECOVER THEM.
I AM THE ONLY ABLE TO DECREASE YOUR DATA ..
NOW, WATCH YOUR FILES, YOU CAN NOT DECIDE IT WITHOUT PAYING.
THE NUMBERS TO PAY TO REACH THE FILES IS € 300 IN PAYSAFECARD CODES.
YOU CAN INSERT DIRECTLY BELOW YOUR PAYSAFECARD CODES, THE NAME OF YOUR PC AND YOUR E-MAIL TO SEND THE CODE OF DECREADING FILES.
The virus doesn’t delete your files which means you have a good chance to get them back. Before deciphering, you should first stay focused on removing CryptoGod Ransomware in order to avoid the re-infection. Once CryptoGod Ransomware is removed, you can proceed with decryption. Both automatic and manual solution is presented here that we hope will help you remove CryptoGod Ransomware and recover your files.
How CryptoGod ransomware gets on your PC?
This type of virus can be infiltrated through several methods, including a freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark CryptoGod Ransomware as a trusted software program.
How to remove CryptoGod ransomware?
To make sure that the ransomware won’t reappear, you need to delete CryptoGod ransomware completely. For this, you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to the automatic removal tool.
Performing an antimalware scan with Norton would automatically search out and delete all elements related to CryptoGod ransomware. It is not only the easiest way to eliminate CryptoGod ransomware but also the safest and the most assuring one.
How to decrypt .locked files
Restore files with Stellar Data Recovery
Stellar Data Recovery is an essential tool in the fight against ransomware-type viruses that can recover encrypted files.
- Download Stellar Data Recovery and launch it
- Select the drive you want to recover and click START SCAN
- After scanning is finished, you are presented with a list of recoverable files found.
- Select the required files and click the Recover
Decrypt files using our decryption service
You may try using our own service for decrypting files compromised by ransomware-type viruses. The analysis of data takes 3-5 days, after which, we will let you know whether it’s decryptable or not. Note: the service is paid, payment is charged only for decryption, the analysis is free. In order to use our service, you should fill out the form listed below.
Also, please add a log file, created on your PC:
- Click “Start” and type: “cmd.exe” in the search box
- Right-click “cmd.exe” and select “Run as administrator“
- In command line, type or copy/paste following: dir C:\ /a/s > “%userprofile%\dirc.log”
- Find and attach the created “%userprofile%\dirc.log” file to the web form
Please attach encrypted text files according to the following conditions:
- number of files should not exceed 4;
- file size is not more than 8 megabytes;
- files must be from different folders;
- files must be unique.
Restore the system
- Initiate the search for system restore
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting CryptoGod Ransomware.
How to prevent ransomware infection
To prevent infection with ransomware-type viruses, you should have proper antimalware software. This method is convenient because it allows you to detect a virus before it penetrates, and therefore to avoid infection and the loss of all your data. It is capable of protecting not only home computers but also server systems in large organizations. Download antimalware program to secure your system and privacy.