GREEDYFATHER
GREEDYFATHER is a malicious representative of the Ransomware family that can encrypt your data and keep it hostage for ransom. After restricting access to the target data, GREEDYFATHER threatens you by displaying a message with ransom requests.You will typically find out that you have been infected with GREEDYFATHER after you try to open some of your files and they return an error message. Or you may get notified about the infection before having the chance to open some of the encrypted files by simply being greeted with a ransom message on your screen. In that message, you will typically be given some payment instructions, a deadline and a promise from the hackers that once you pay, they will send you a decryption key.
In this post, we have come up with some information about the way GREEDYFATHER, Hhaz or Hhuy operates and some methods that you can use to potentially remove the infection. You will find all the concrete steps for the removal of this ransomware and the subsequent file recovery in the manual guide below; but it is a good idea to keep in mind that, in some cases, it may not be possible to fully recover from the Ransomware’s attack. Still, it is worth giving a try.
The GREEDYFATHER virus
The GREEDYFATHER virus is a harmful piece of software that operates like ransomware. The GREEDYFATHER virus aims to secretly check your computer for specific file types, encrypt them and then make you pay for reversing the applied encryption.Getting yourself infected with GREEDYFATHER is not that hard. All you have to do is to carelessly click on unexpected e-mails or attachments, land on a malicious ad, or get rerouted to a website that has been compromised. Sometimes a Trojan horse can also deliver the ransomware in the system by exploiting an existing system vulnerability through which it can sneak it in. Downloading videos, movies, cracked programs and torrents is also among the most common ways to land Ransomware in your system, so try to stick to reputed web locations and install software only from known developers.
The GREEDYFATHER file encryption
The GREEDYFATHER file encryption is a method through which a group of cyber criminals has found a way to restrict access to user files. The GREEDYFATHER file encryption is used to encode certain digital information so that a ransom can be demanded for its liberation. Many web users frequently ask our “How to remove” team what they should do if their computer has been attacked by ransomware. Sadly, this question doesn’t have a correct answer. You’re going to have to choose between some very limited options one of which is to pay the required ransom. The second one is to try to remove the virus and recover from its attack on your own. Unfortunately, whether you choose to pay the ransom or not, your files will be at great risk because nothing can guarantee that your encrypted files will be successfully decrypted or that the virus will be safely removed from your device. Yet, we believe that you have to exhaust all of your options if you don’t want to support hackers and one of these options is our removal guide. Another option is to use the help of a good anti-Ransomware tool such as the one on this page.
Eventually, once you manage to remove GREEDYFATHER, check for any backup copies of your data and learn to create external backups of the information that you don’t want to lose in the future.
SUMMARY:
| Name | GREEDYFATHER |
| Type | Ransomware |
| Danger Level | High (Ransomware is by far the worst threat you can encounter) |
| Symptoms | Very few and unnoticeable ones before the ransom notification comes up. |
| Distribution Method | From fake ads and fake system requests to spam emails and contagious web pages. |
| Detection Tool | Some threats reinstall themselves if you don't delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files. |
OFFERRemove GREEDYFATHER Ransomware
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold the Start Key and R – copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.
- Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.
Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.
Type each of the following in the Windows Search Field:
- %AppData%
- %LocalAppData%
- %ProgramData%
- %WinDir%
- %Temp%
Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!
How to Decrypt GREEDYFATHER files
We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!
Leave a Comment