Tuesday, 19 December 2017 00:00

Kako očistiti Godra ransomware virus i dekodirati podatke / Godra – ransomware pogađa korisnike iz Hrvatske /FINA upozorila

Written by 
Rate this item
(1 Vote)

How to remove Godra ransomware and decrypt files
Mi ćemo očistiti virus Godra i vratiti Vaše podatke.

--> email: This email address is being protected from spambots. You need JavaScript enabled to view it. Viber: +387-63-997-996

We will clean the virus Godra and return/restore your data. 

File Godra ransomware. How to remove? (Uninstall guide)

What is Godra ransomware?
File Godra ransomware targets victims from Croatian

Godra trojan ransomware - FINA upozorila na pokušaj prijevare putem emaila: Ne nasjedajte na lažni email
Godra – ransomware that targets Croatian computer users

Details about Godra Ransomware

Don't say we didnt warn you!
The encrypted files are not the only damage done to you. Godra still hides in your system and may return to encrypt your hard drives again later. The ransomware ca be very hard to track down and eliminate.

Godra is a new addition to the notorious Ransomware family. This threat acts as a cryptovirus, which means it uses a very complex encryption algorithm in order to make all the data, which could be found inside the computer, unreadable. By applying the encryption, the malware basically makes all files unrecognizable by the system. In some cases, it even changes their file extensions to ensure that no other software can open or use them. When this malicious process is completed, a ransom message is displayed on the victim’s screen, asking them to pay for a decryption solution that can release the files form the encryption. Unfortunately, when the ransom message has appeared, it is too late for any prevention or protection actions because Godra has already completed its task. The hackers, who control the infection, usually insist on a quick ransom payment, otherwise, they may threaten to double the ransom amount or delete the decryption key for your files if you don’t act by the given deadline.

Ako ste nasjeli na prevaru i otvorili / startovali virus možemo Vam pomoći.
Čistimo Virus Godra i uspjevamo povratiti podatke do sada u više od 8 primjera.
Kontaktirajte nas preko web stranice: www.Leonardo.ba
Ili email-a: This email address is being protected from spambots. You need JavaScript enabled to view it. ili Viber/tel.: +387-63-997-996

Internet prevare sve su učestalija pojava u svim sektorima društva i gotovo da ne postoji osoba koja je prisutna online, a koja barem jednom nije bila napadnuta na neki način od strane ljudi zloćudnih namjera. Internet prevare najčešće napadaju upravo one najmanje upućene korisnike, koji su skloni nasjesti na odlične ponude ili primamljive geste.
Ovih se dana jedan takav napad proširio i putem epošte mnogobrojnih korisnika u Hrvatskoj. Radi se o pokušaju prevare putem emaila u kojoj se navodi kako je protiv korisnika pokrenut ovršni postupak. Točan naslov emaila glasi: Elektronička obavijest o pokretanju ovršnog postupka.
Slika u prilogu:

Godra trojan ransomware - FINA upozorila na pokušaj prijevare putem emaila: Ne nasjedajte na lažni email

Kako bi se poruka pokazala u što vjerodostojnijem svijetlu, sve ja napravljeno tako da liči kao da poruku šalje FINA. Jasno, iza ovog pokušaja prevare nema Financijske agencije i od čega se FINA jasno distancirala kada je saznala što se događa.
Radi se o akciji gdje se putem emaila pokušavaju dobiti neki povjerljivi podaci od korisnika, koji se kasnije mogu koristiti u različite svrhe. Cjelokupni proces prevare vrlo je dobro osmišljen i nažalost mnogu ljudi skloni su nasjesti na njega. Ipak, s obzirom da su ove informacije vrlo brzo procurile u javnost, nadamo se kako će ljudi vidjeti na vrijeme da se radi o prevari.
Danas je na internetu javno dostupno mnogo naših podataka i to se pokušava iskoristiti na razne načine. Trgovanje informacijama je jako popularno jer danas informacije imaju veliku vrijednost. Zbog toga, potrebno je u što većoj mjeri zaštiti one povjerljive podatke i nikako ih ne davati ako niste 100 posto sigurni kome dajete podatke.
Slične prevare već su bile puštane i prije, a nedavni primjer bilo je i predstavljanje putem Porezne uprave. Ovog puta, subjekt je FINA koja je javnost obavijestila o cijeloj prevari i jasno se ogradila od loših namjera napadača. Ono što preporučujemo jest da poruke sumnjivog sadržaja koje traže neke povjerljive podatke o vama, zaobilazite u širokom luku.

Mi ćemo očistiti virus Godra i vratiti Vaše podatke.

--> email: This email address is being protected from spambots. You need JavaScript enabled to view it. Viber: +387-63-997-996

We will clean the virus Godra and return/restore your data. 

Čistimo Virus Godra i uspjevamo povratiti podatke

Godra is a file-encrypting virus that has been noticed spreading in Croatia, in December 2017. Malware affects Windows x64 systems and uses AES cryptography to corrupt files on the targeted device. After the attack, all data is locked with .godra file extension.

Following data encryption, Godra ransomware drops two files on the affected device:

KAKO OTKLJUČATI Vaše DATOTEKE.txt
KAKO OTKLJUČATI Vaše DATOTEKE.log
The .log file is responsible for delivering a pop-up notification that informs about data encryption and asks to send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.. Meanwhile, the .txt file includes a detailed explanation that users have to transfer 2.000 euros in 48 hours to restore files encrypted by Godra virus.

Data recovery instructions also include the link to the Bitcoin wallet address where victims are supposed to send ransoms and unique ID number. Once people make a transaction, they are asked to contact developers of Godra and provide their identification number via mentioned email address.

However, if victims do not pay in two days, the size of the ransom will double. If crooks do not receive the payment within 72 hours, they will delete encrypted files, says the ransom note. In order to give victims guarantee that Godra decryptor exists, criminals allow sending one file (up to 100 KB) for a free decryption.

However, security experts suggest not following these instructions because it may lead not only to data loss but money loss as well. Once you transfer the ransom, crooks might disappear and use your money for further cyber crimes. Instead of risking to increase the damage, you should remove Godra from the PC.

After the attack, you should restart your computer to Safe Mode with Networking and run a full system scan with malware removal software. The reputable program such as Reimage can perform Godra removal quickly.

Ransomware spread via malicious emails that pretend to be sent from well-known company Fina
Malware payload spreads as Prijedlog_za_ovrhu_urbr_220-2017.pdf file which is attached to the malicious email. The subject line of these emails are “Elektronička obavijest o pokretanju ovršnog postupka,” (translation to English: “Electronic Notice of Enforcement of Enforcement Procedure”) and they look like sent from Croatian Financial Agency (FINA).

The company released an official statement on their website warning users and customers to be careful. All their sent emails have a domain name fina.hr. Thus, any other endings of the emails are sent by cyber criminals.

However, users who open a malicious attachment, receive a notification from Adobe Acrobat Reader that it is unable to open this file. But opening this file is enough for ransomware to infiltrate the system.

Therefore, Croatian computer users should be cautious and do not rush to click attached .pdf file without checking if it was really sent from the legitimate company. The main signs of the malicious email are:

 FINA prijedlog za ovrhu - Trojan Godra ransomware spread

grammar or spelling mistakes,
lack of credentials,
suspicious email address,
you do not use FINA's services.
Therefore, before opening an email attachment, you have to check information about the sender online and make sure that it’s actually safe to open.

Elimination of the Godra ransomware virus
To remove Godra from the device, you have to obtain reputable malware removal software. Trying to locate and delete ransomware-related components might lead to irreparable damage to the system. Thus, you have to use automatic virus removal tools.

We recommend Reimage or Malwarebytes Anti Malware for Godra removal. However, feel free to use your preferred software as well. However, don’t forget to update it before running a system scan! Additionally, if malware prevents from installing or running security tool, follow the guide below.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Godra ransomware you agree to our privacy policy and agreement of use.

Manual Godra virus Removal Guide:
Method 1. Remove Godra using Safe Mode with Networking
Method 2. Remove Godra using System Restore
Bonus: Recover your data

Godra is a file-encrypting virus that has been noticed spreading in Croatia

REMOVE GODRA USING SAFE MODE WITH NETWORKING

To enable automatic ransomware removal, follow these steps:

Step 1: Reboot your computer to Safe Mode with Networking

FINA - GODRA - KAKO OTKLJUČATI Vaše DATOTEKE

Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
Select Safe Mode with Networking from the list


Windows 10 / Windows 8
Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.

Step 2: Remove Godra
Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Godra removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

REMOVE GODRA USING SYSTEM RESTORE

This method might also help to disable Godra ransomware and perform its automatic removal:]

Step 1: Reboot your computer to Safe Mode with Command Prompt

Windows 7 / Vista / XP
Click Start → Shutdown → Restart → OK.
When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
Select Command Prompt from the list

Windows 10 / Windows 8
Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.

Step 2: Restore your system files and settings
Once the Command Prompt window shows up, enter cd restore and click Enter.

Now type rstrui.exe and press Enter again..

When a new window shows up, click Next and select your restore point that is prior the infiltration of Godra. After doing that, click Next.

Now click Yes to start system restore.

Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Godra removal is performed successfully.


Bonus: Recover your data
Guide which is presented above is supposed to help you remove Godra from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files are encrypted by Godra, you can use several methods to restore them:

Data Recovery pro might help to restore files with .godra extension
Nevertheless, it's not an official decryption software; it might still help to recover some of the corrupted files.

Download Data Recovery Pro;
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by Godra ransomware;
Restore them.
Windows Previous Versions feature helps to access the most important data
This Windows OS feature allows accessing saved files before Godra ransomware attack. However, it allows copying only individual files and under one condition – System Restore had to be enabled before the assault.

Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
Try ShadowExplorer
If ransomware did not delete Shadow Volume Copies of the targeted files, you can restore files using ShadowExplorer:

Download Shadow Explorer (http://shadowexplorer.com/);
Follow a Shadow Explorer Setup Wizard and install this application on your computer;
Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

The official Godra Decryptor is not available yet.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Godra and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-Malware or Malwarebytes Anti Malware

Ako ste nasjeli na prevaru i otvorili / startovali virus možemo Vam pomoći.
Čistimo Virus Godra i uspjevamo povratiti podatke do sada u više od 8 primjera.
Kontaktirajte nas preko web stranice: www.Leonardo.ba
Ili email-a: This email address is being protected from spambots. You need JavaScript enabled to view it. ili Viber/tel.: +387-63-997-996

SUMMARY:

Name Godra
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

 

Read 220 times Last modified on Saturday, 23 December 2017 21:45