Remove Godra Ransomware - Restore .Godra Files

This article will help you remove Godra ransomware completely. Follow the ransomware removal instructions provided at the end of the article.

Godra is a virus that encrypts your files and demands money as a ransom to get your files restored. Files are locked with the military-grade AES encryption algorithm. The Godra cryptovirus encrypts your data and files and appends the .Godra extension to each file. The ransom demand is around 2000 US dollars (or Euros), payable in the Bitcoin cryptocurrency, to supposedly restore your data. Read on through the article to see how you could try to recover some of your data.

Threat Summary

Name: Godra
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer and demands a ransom of $2000 (or Euros) to be paid in the Bitcoin cryptocurrency to allegedly recover them.
Symptoms: The ransomware will encrypt your files with the AES encryption algorithm. All locked files will have the .Godra extension.
Distribution Method: Spam Emails, Email Attachments

Godra Ransomware – Methods of Delivery

Godra ransomware might spread its infection with various methods. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it, your computer system will become infected. Detections of such a file are listed on the VirusTotal service.

What is more, that payload file is triggered when opening a file called “Prijedlog_za_ovrhu_urbr_220-2017.pdf”, which is allegedly sent by the Croatian Financial Agency (FINA). FINA has left a message on its site stating that this is a phishing scam sent with a malicious email campaign, and that people should NOT open anything related to it.

Godra ransomware might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while also hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware found in the forum section.

Godra Ransomware – In-Depth Overview

Godra is a virus that encrypts your files and extorts you to pay a ransom to supposedly recover them. The extortionists want you to pay in Bitcoin for the alleged restoration of your files.

Godra ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

After encryption the Godra virus drops a ransom message in the following files:

  • KAKO OTKLJUČATI VAŠE DATOTEKE.txt
  • KAKO OTKLJUČATI VAŠE DATOTEKE.log

The note can be viewed from both the .txt and the .log file.

The ransom note is written in the Croatian language and states the following:

VAŠE OSOBNE DATOTEKE SU KRIPTIRANE!!!
UPOZORENJE!
NEMOJTE POKUŠAVATI DEKRIPTIRATI VAŠE DATOTEKE SAMI. SVAKO MODIFICIRANJE DEKRIPTIRANIH DATOTEKA BESPOVRATNO ĆE IH UNIŠTITI! JEDNI NAČIN ZA DEKRIPTIRANJE VAŠIH DATOTEKA JE DA DOSLJEDNO SLIJEDITE UPUTE!!!
Što se dogodilo s mojim računalom?
Sve Vaše bitne datoteke su kriptirane.
Svi Vaši dokumenti, fotografije, video materijali, baze podatka i ostale datoteke više nisu dostupne jer su kriptirane. Nemojte pokšavati i gubiti vrijeme na dekriptiranje ili povrat Vaših datoteka jer nitko ne može dekriptirati Vaše datoteke bez naše dekripcijske usluge.
Mogu li vratiti svoje datoteke?
Naravno. GARANTIRAMO vraćanje Vaših datoteke nakon plaćanja:
2.000,00 EUR (dvijetisućeeura) u BTC (BitCoin) protuvrijednosti
Imate 48 sati za slanje uplate, inače se cijena udvostručava. Također, ukoliko nakon još 72 sata ne izvršite uplatu, Vaše datoteke bit će bespovratno izgubljene. Nakon provedene uplate, pošaljite nam “User ID” i broj walleta s kojeg je napravljena uplata na [email protected]
User ID: 1513422729
Nakon toga, poslat ćemo Vam dekripcijski softver koji će vratiti Vaše datoteke. Napominjemo da *NI NA KOJI NAČIN* ne modificirate svoje kriptirane datoteke jer povrat NEĆE biti moguć.
Možete nam poslati datoteku na [email protected] (do 100kB) kako bi smo Vam dokazali da je dekripcija moguća.
KAKO PLATITI?
Primamo uplate samo u BTC (BitCoin) valuti. Uplata mora biti izvršena na sljedeću adresu:
13srq1SP93mEs7asR2UxWBUts3x9oUcuac
Ne koristite “deep web” novčanike poput Tor Wallet, Onion Wallet, Shadow Wallet, Hidden Wallet i slični.
Kupite BTC (BitCoin) samo sa službene BitCoin mjenjačnice!
Službena tečajna lista i cijene: https://howtobuybitcoins.info/
Preporuke za kupovinu: https://bit4coin.net/ ili https://www.coinbase.com/ ili https://xcoins.io/
Na Bit4Net nije potrebna registracija! Na Xcoins.io možete kupiti BitCoin putem PayPala!
E-mail adresa za komunikaciju: [email protected]
Pošaljite nam e-mail s Vašim “User ID” i walletom s kojeg je uplata napravljena!
UPOZORENJE!
NEMOJTE POKUŠAVATI DEKRIPTIRATI VAŠE DATOTEKE SAMI. SVAKO MODIFICIRANJE DEKRIPTIRANIH DATOTEKA BESPOVRATNO ĆE IH UNIŠTITI! JEDNI NAČIN ZA DEKRIPTIRANJE VAŠIH DATOTEKA JE DA DOSLJEDNO SLIJEDITE UPUTE!!!

Below you can see a rough translation of the ransom note in English:

YOUR PERSONAL DATA IS ENCRYPTED !!!
WARNING!
DO NOT DECRYPT THE FILES ON YOUR OWN. EVERY MODIFICATION OF THE ENCRYPTED FILES WOULD IRREPARABLY DELETE THEM! THE ONE WAY TO RECOVER YOUR DATA AND DOCUMENTS WILL BE SUSPENDED!
What happened to my computer?
All your essential files are encrypted.
All your documents, photos, video materials, databases, and other files are no longer available because they are encrypted. Do not be tricked and waste time on decrypting or retrieving your files because no one can decrypt your files without our decryption service.
Can I restore my files?
Of course. WE WARRANT to return your files after payment:
2.000,00 EUR (two thousand dollars) in BTC (BitCoin) countervalue
You have 48 hours to send a payment, otherwise the price doubles. Also, if you do not make a payment after 72 hours, your files will be irrevocably lost. After the payment has been made, please send us the “User ID” and the wallet number from which payment was made to [email protected]
User ID: 1513422729
After that, we will send you decryption software that will return your files. Please note that * YOU SHOULD NOT IN ANY WAY * modify your encrypted files because the return will NOT be possible.
You can send us a file at [email protected] (up to 100kB) to prove that decryption is possible.
HOW TO PAY?
We accept payments only in BTC (BitCoin) currency. Payment must be made to the following address:
13srq1SP93mEs7asR2UxWBUts3x9oUcuac
Do not use “deep web” wallets like Tor Wallet, Onion Wallet, Shadow Wallet, Hidden Wallet, and the like.
Buy BTC (BitCoin) only with official BitCoin Exchange!
Official exchange rate and prices: https://howtobuybitcoins.info/
Shopping recommendations: https://bit4coin.net/ or https://www.coinbase.com/ or https://xcoins.io/
Bit4Net does not need registration! You can buy BitCoin via PayPal at Xcoins.io!
E-mail address for communication: [email protected]
Send us an e-mail with your “User ID” and the wallet from which the payment was made!
WARNING!
DO NOT TRY TO DECRYPT YOUR FILES YOURSELF. EVERY MODIFICATION OF FILES WON’T HAVE MUCH SUCCESS! THE ONLY WAY TO DECRYPT YOUR FILES IS IMPORTANT TO FOLLOW THE INSTRUCTIONS !!!

The following e-mail address is used to contact the cybercriminals:

However, contacting them is not advised. The e-mail address is on an encrypted service preferred by many cybercriminals to preserve their anonymity.

The note of the Godra ransomware states that your files are encrypted and demands a payment of 2.000 Euros in the Bitcoin cryptocurrency. However, you should NOT under any circumstances pay any ransom. Your files may not get recovered, and nobody can give you a guarantee that they will. Moreover, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal acts.

Godra Ransomware – Encryption Process

What is known about the encryption process of the Godra ransomware is that every file that gets encrypted receives the .Godra extension. The encryption algorithm used to lock files is AES.
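For scoping an incident, the two indicators named in this article (the .Godra extension and the ransom note file names) can be collected per directory with a read-only walk. The following is an added example, not part of the original article or any vendor tool; the function names and the use of file modification times to bound the encryption window are assumptions.

```python
import os
import unicodedata
from datetime import datetime, timezone

ENCRYPTED_EXT = ".godra"  # extension from the article, compared case-insensitively
NOTE_NAMES = ("KAKO OTKLJUČATI VAŠE DATOTEKE.txt",
              "KAKO OTKLJUČATI VAŠE DATOTEKE.log")  # note names from the article

def _norm(name):
    # One Unicode form and one case: "Č"/"Š" may be stored precomposed or as
    # a base letter plus combining caron, depending on how the name was written.
    return unicodedata.normalize("NFC", name).casefold()

_NOTES = {_norm(n) for n in NOTE_NAMES}

def triage(root):
    """Walk root without modifying anything; summarise indicators per directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, notes, mtimes = [], [], []
        for name in files:
            key = _norm(name)
            if key in _NOTES:
                notes.append(name)
            elif key.endswith(ENCRYPTED_EXT):
                encrypted.append(name)
                try:
                    mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
                except OSError:
                    pass  # unreadable entry: still listed, just not timed
        if encrypted or notes:
            report[dirpath] = {"encrypted": sorted(encrypted),
                               "notes": sorted(notes),
                               "mtimes": (min(mtimes), max(mtimes)) if mtimes else None}
    return report

def encryption_window(report):
    """Earliest and latest mtime (UTC) over all encrypted files, or None.

    Assumes the malware did not reset timestamps after writing the files.
    """
    spans = [d["mtimes"] for d in report.values() if d["mtimes"]]
    if not spans:
        return None
    return (datetime.fromtimestamp(min(s[0] for s in spans), timezone.utc),
            datetime.fromtimestamp(max(s[1] for s in spans), timezone.utc))
```

Run it against a mounted image or a copy of the affected volume rather than the live system, so that the evidence is not altered while it is being examined.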

The list of file extensions targeted for encryption is currently unknown; if a list is discovered, it will be posted here as the article gets updated. The files used most by users, and which are probably encrypted, fall into the following categories:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

The Godra cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If the above-stated command is executed, the encryption process becomes more effective, because the command eliminates one of the prominent ways to restore your data. If your computer was infected with this ransomware and your files are locked, read on to find out how you could potentially restore your files back to normal.
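Because deleting shadow copies is rare in normal operation, the command above is a useful detection point in process-creation logs. The following is an added example, not part of the original article: it matches the command in several spellings over constructed JSON-lines records whose field names follow Sysmon process-creation events (hosts, times and parent paths are made up).

```python
import json
import re

# vssadmin as a bare name or with a directory prefix, .exe optional.
_VSSADMIN = re.compile(r"(?:^|[\\/])vssadmin(?:\.exe)?$")

def is_shadow_copy_deletion(command_line):
    """True if the command line runs 'vssadmin delete shadows', any casing."""
    # Quotes become spaces so a quoted full path and a quoted
    # 'cmd /c "..."' wrapper tokenize the same way as the bare command.
    tokens = command_line.replace('"', " ").lower().split()
    for i, token in enumerate(tokens):
        # The verb and its object are vssadmin's first two arguments.
        if _VSSADMIN.search(token) and tokens[i + 1:i + 3] == ["delete", "shadows"]:
            return True
    return False

def find_shadow_deletions(json_lines):
    """Return (UtcTime, Computer, ParentImage, CommandLine) per matching event."""
    hits = []
    for line in json_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        command_line = event.get("CommandLine", "")
        if is_shadow_copy_deletion(command_line):
            hits.append((event.get("UtcTime"), event.get("Computer"),
                         event.get("ParentImage"), command_line))
    return hits

# Constructed sample events (hosts, times and parent paths are made up).
SAMPLE_EVENTS = r'''
{"UtcTime": "2017-12-18 09:14:02", "Computer": "WS-014", "ParentImage": "C:\\Users\\demo\\AppData\\Local\\Temp\\sample.exe", "CommandLine": "vssadmin.exe delete shadows /all /Quiet"}
{"UtcTime": "2017-12-18 09:20:47", "Computer": "WS-022", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "\"C:\\Windows\\System32\\VSSADMIN.EXE\" Delete Shadows /All /Quiet"}
{"UtcTime": "2017-12-18 09:21:10", "Computer": "WS-031", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c \"vssadmin delete shadows /all /quiet\""}
{"UtcTime": "2017-12-18 10:02:33", "Computer": "SRV-BKP", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "vssadmin list shadows"}
'''

if __name__ == "__main__":
    for hit in find_shadow_deletions(SAMPLE_EVENTS):
        print(" | ".join(hit))
```

The ParentImage column is what to look at first: a backup agent or an administrator's shell is expected there, while a binary running from a user-writable directory is not.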

Remove Godra Ransomware and Restore .Godra Files

If your computer got infected with the Godra ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions provided below.

To remove Godra follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Godra files and objects
2. Find files created by Godra on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Godra

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
