CryptoGod ransomware is a fresh variant of the MoWare HFD infection and has been determined to be based on the Hidden Tear open source project. It encrypts files with an AES algorithm, which ensures that the affected data is no longer accessible. Once the encryption is complete, every affected file carries a new extension: .payforunlock. Security researchers have reasons to believe that this variant is targeting Italians. The initial ransom is 0.03 BTC, which is currently 84.10 US dollars. What is more, the ransom rises to 0.05 BTC if the user has not paid by the time the countdown hits zero.
Rivecuta 25-05-27.exe has been identified as the payload of the CryptoGod crypto-virus. This seemingly insignificant executable is the source of all the malicious activity that takes place on an affected operating system. Its Italian-sounding name is not the only reason to assume that this sample is aimed at the computers of Italians. In the file's description field, the attacker chose to label it as an "Acrobat Reader" application.
Once inserted into the operating system, the payload has the means and the opportunity to prepare the device for encryption. These preparations include modifying Windows Registry keys, scanning for files and trying to stay hidden. If the malicious program adds itself to the applications that are launched automatically at startup, it will show up as a running process in Task Manager.
Nobody should let the attackers win, as sending the demanded bitcoins might not even result in a working restoration of your files. Once the transaction is sent, victims are supposed to contact the [email protected] email address. However, you should not follow the instructions that the crooks left. We have found that the infection targets a huge variety of file types, from the most popular to very obscure ones. Other infections keep their targets to a minimum and only encode the prevailing documents, photos, videos, presentations and so on. In total, this infection has been found capable of ruining files of 666 different types.
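As an added example (not code from the article or from the ransomware itself), the following Python script shows how a responder can triage a file listing taken from an affected machine: it separates files marked with the .payforunlock extension from untouched ones, recovers each file's original name and type, and summarises which file types were hit. The only fact it relies on is the .payforunlock extension described above; the file listing is constructed for illustration.

```python
"""Defender-side triage for a CryptoGod (.payforunlock) infection.

Given a listing of file paths from an affected machine, separate the
encrypted files from untouched ones, recover each encrypted file's original
name and extension, and count which file types were hit. Files are never
renamed or opened here; the listing is treated as evidence.
"""
from collections import Counter
from pathlib import PureWindowsPath
from typing import Optional

ENCRYPTED_EXT = ".payforunlock"  # extension CryptoGod appends (from the article)

# Constructed sample listing; the paths are illustrative, not real indicators.
SAMPLE_LISTING = [
    r"C:\Users\utente\Documents\fattura.docx.payforunlock",
    r"C:\Users\utente\Pictures\vacanze.jpg.payforunlock",
    r"C:\Users\utente\Pictures\famiglia.JPG.PAYFORUNLOCK",  # case varies
    r"C:\Users\utente\Downloads\backup.payforunlock",       # no original extension
    r"C:\Users\utente\Documents\note.txt",                  # untouched
    r"C:\Windows\System32\kernel32.dll",                    # untouched
]


def original_name(path: str) -> Optional[str]:
    """Strip the ransomware extension; None means the file was not marked."""
    if not path.lower().endswith(ENCRYPTED_EXT):
        return None
    return path[: -len(ENCRYPTED_EXT)]


def original_type(name: str) -> str:
    """File type of the recovered name ('<none>' if it had no extension)."""
    return PureWindowsPath(name).suffix.lower() or "<none>"


def triage(listing) -> dict:
    """Split the listing into encrypted/clean entries and count hit file types."""
    encrypted, clean = [], []
    for path in listing:
        orig = original_name(path)
        if orig is None:
            clean.append(path)
        else:
            encrypted.append((path, orig))
    by_type = Counter(original_type(orig) for _, orig in encrypted)
    share = len(encrypted) / len(listing) if listing else 0.0
    return {"encrypted": encrypted, "clean": clean, "by_type": by_type, "share": share}


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"{len(result['encrypted'])} encrypted, {len(result['clean'])} clean "
          f"({result['share']:.0%} of listing)")
    for ext, count in result["by_type"].most_common():
        print(f"  {ext}: {count}")
```

On a real case, feed `triage()` the output of a recursive directory listing rather than the constructed sample, and keep the original files untouched until a backup or decryption route has been chosen.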
There are several options for recovering files that have been appended with the .payforunlock extension. The first depends on whether you have stored copies of your files in backup storage or on USB flash drives. If so, you do not have to worry about the encrypted copies, because you have an alternative source for them. However, not everyone appreciates the benefit of keeping files in more than one location. Keeping files in backup storage is an extremely sensible decision: if a ransomware encodes the data on your computer, you will be able to retrieve it from the alternative source.
For more information on the possible decryption options, we recommend reading this entire article carefully. Universal recovery tools and Shadow Volume Copies are among the options discussed, together with additional ones. We also provide instructions for manual removal. Removing crypto-viruses manually takes certain skills, so we only recommend this option to those who have experience, while newcomers should download a reputable anti-malware tool and run a scan. It will detect all sources of harmful activity.
However, before you apply any of the recommendations above, we have to stress that removing the ransomware should be your top priority. Tools such as SpyHunter have had their share of battles with crypto-viruses.
Ransomware can be spread in a number of ways. First of all, it can arrive on devices via malicious spam emails sent to the accounts of random people. Exploit kits are also a popular method of transmission. Whatever you do, never install applications from unknown sources or unknown developers. Such downloads can end with you letting a malicious program into your operating system.
Automatic Malware removal tools