GrodexCrypt Ransomware Removal Guide

Do you know what GrodexCrypt Ransomware is?

GrodexCrypt Ransomware has invaded your operating system if you are shown a pop-up ransom note called “GrodexCrypt” and your personal files have the “Lock.” extension added to their names. Unlike most infections, this ransomware adds the extension at the beginning of the name rather than at the end. This marker is helpful because it makes encrypted files easier to identify. It is very important that you check which files were corrupted; if backups exist, the only thing you need to worry about is the removal of GrodexCrypt Ransomware. Unfortunately, if your files are not backed up, you might face big problems and end up losing your files, because even if you pay the ransom, you do not know whether your files will be decrypted. If you are lucky, you will find a legitimate file decryptor that will unlock your files for free. Overall, whether or not you decrypt your files, you must delete the ransomware, and that is what we discuss in this report.
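As an added example (not part of the original guide or any vendor tool), the following Python script lists files whose names begin with “Lock.” and checks whether a copy under the original name exists in a backup folder. The function names, the backup layout (same relative paths as the live folder) and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = "Lock."  # prefix the guide says is added at the beginning of file names


def inventory(root, backup_root=None, marker=MARKER):
    """Return one record per marked file under root.

    Each record gives the marked path, the name the file would have had
    before the marker was added, and whether a copy with that name exists
    at the same relative location under backup_root (assumed layout).
    """
    root = Path(root)
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Match the marker as a prefix only; "notes.Lock.txt" is not a hit.
            if not name.startswith(marker) or name == marker:
                continue
            original = name[len(marker):]
            rel_dir = Path(dirpath).relative_to(root)
            in_backup = None  # None means no backup folder was supplied
            if backup_root is not None:
                in_backup = (Path(backup_root) / rel_dir / original).is_file()
            records.append({
                "marked": str(Path(dirpath) / name),
                "original_name": original,
                "in_backup": in_backup,
            })
    return sorted(records, key=lambda r: r["marked"])


def demo():
    """Build a small constructed tree and run the inventory over it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        for d in (live / "docs", backup / "docs"):
            d.mkdir(parents=True)
        # Constructed sample files, not taken from a real infection.
        for p in (live / "docs" / "Lock.budget.xlsx", live / "docs" / "Lock.photo.jpg",
                  live / "docs" / "notes.Lock.txt", backup / "docs" / "budget.xlsx"):
            p.write_bytes(b"sample")
        return inventory(live, backup)


if __name__ == "__main__":
    for rec in demo():
        status = "backup found" if rec["in_backup"] else "NO BACKUP"
        print(f'{rec["marked"]} -> {rec["original_name"]}: {status}')
```

The script only reads directory listings, so it can be run before cleanup to decide which files need a decryptor and which can simply be restored from backup.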

It was found that GrodexCrypt Ransomware belongs to the Crypt888 ransomware family, just like the Aviso Ransomware and Mircop Ransomware, both of which we have discussed in previous reports. Though it is possible that all three of these infections were created by different parties, the same malicious developer could stand behind all of them. Unsurprisingly, they all operate in the same manner. For example, they are expected to spread via spam emails. Of course, you cannot dismiss other security backdoors that could be used to let this threat in. Once the infection slithers in, it immediately encrypts files. If you realize that the file you downloaded is malicious, you have to remove it as soon as possible, and you may evade encryption. Unfortunately, most users do not notice the infection until it displays the “GrodexCrypt” window presenting the ransom demands. According to it, you have to send a ransom of $50 to 16mFFW1RE9DanwbHMVYM1wBUHZczXATd2X. Afterward, you are requested to send your unique ID code (provided via the note) to stysla@protonmail.com, soon after which a “decryption application” should be sent to you. You have 48 hours to do this.

The “F.A.Q” section of the GrodexCrypt Ransomware window states that you cannot decrypt your files in any other way. You are also warned that the decryptor will be removed if you delete GrodexCrypt Ransomware from your computer. Additionally, you are provided with instructions on how to purchase Bitcoins because that is the currency in which you must pay the ransom. You can find this information in the “How To PAY!” section. One statement in this section claims that the threat will be removed automatically as soon as you pay the ransom and get your files decrypted. That is not true, so how can you trust cyber criminals when they say that your files will be decrypted once you pay the ransom? You cannot. Paying the ransom, regardless of how small it might appear to be, is the last resort; first, you should look into backups and third-party decryptors that could unlock your files for free. Be careful when employing decryptors because you might encounter fictitious ones.

According to the latest information, a decryptor that can decrypt files locked by GrodexCrypt Ransomware exists, so it is possible that you can recover your files. Paying the ransom is not a good option because it is unlikely that cyber criminals would keep their promises to unlock your files afterward. In any case, deleting GrodexCrypt Ransomware is the most important task, and you have to decide whether you will employ anti-malware software to have it erased automatically or eliminate it manually. The guide below shows how to do that, but remember that only anti-malware software can fully clear your PC of malicious infections while reinforcing your system’s protection at the same time.

Remove GrodexCrypt Ransomware

  1. Find the launcher of the malicious GrodexCrypt Ransomware (.exe file with a random name).
  2. Right-click and Delete this file.
  3. Empty Recycle Bin.
  4. Install a legitimate malware scanner and inspect your operating system for malicious leftovers.

In non-techie terms:

GrodexCrypt Ransomware is an infection that can encrypt your files. Once it does that, it introduces you to a notification suggesting that you can recover your files only by paying a ransom that, at the time of research, was $50. If you do not want to waste your money for no reason, you should consider other options before you take the risk of paying the ransom. For example, if your files are backed up, you can recover them for free. Also, a legitimate file decryptor might be able to help as well. Once you restore your files and delete GrodexCrypt Ransomware, you need to install security software ASAP because you do not want malware to slither into your operating system again.