GREEDYFATHER Virus 🔐 (.GREEDYFATHER Files) — How to Remove?

The Greedyfather virus is a ransomware-type threat. Malware of this kind encrypts all of the user’s data on the computer (photos, documents, Excel sheets, music, videos, etc.), adds its own extension to every file, and creates a GREEDYFATHER.txt file in every directory that contains encrypted files.

What is known about the Greedyfather virus?

Greedyfather appends its own .GREEDYFATHER extension to every file’s name. For example, an image named “photo.jpg” will be turned into “photo.jpg.GREEDYFATHER”. In the same manner, the Excel sheet with the name “table.xlsx” will be renamed to “table.xlsx.GREEDYFATHER”, and so forth.

In each folder that contains encrypted files, a GREEDYFATHER.txt text document will be created. It is the ransom note. It explains how to contact the racketeers and gives some other information. The ransom note usually describes how to purchase the decryption tool from the ransomware developers. You can get this decoding tool after contacting [email protected] by email. That is pretty much the scheme of the felony.
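The naming scheme and note placement described above are enough to take a read-only inventory of the damage before any cleanup or recovery attempt. The script below is an added example, not a tool from this article or its author: it walks a directory tree, lists files carrying the .GREEDYFATHER extension together with their original names, and records which folders contain GREEDYFATHER.txt. The case-insensitive matching, the "encrypted but no note" check and the sample tree are assumptions of this example.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".GREEDYFATHER"      # extension appended to encrypted files (from this page)
NOTE = "GREEDYFATHER.txt"  # ransom note dropped in affected folders (from this page)


def inventory(root):
    """Walk root; return {directory: {"note": bool, "encrypted": [(current, original)]}}."""
    report = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Assumption: compare case-folded, since Windows names are case-insensitive.
            if name.lower() == NOTE.lower():
                report[dirpath]["note"] = True
            elif name.lower().endswith(EXT.lower()) and len(name) > len(EXT):
                original = name[: -len(EXT)]  # "photo.jpg.GREEDYFATHER" -> "photo.jpg"
                report[dirpath]["encrypted"].append((name, original))
    return dict(report)


def summarize(report):
    """Return (encrypted_count, dirs_with_note, dirs_encrypted_without_note)."""
    total = sum(len(d["encrypted"]) for d in report.values())
    noted = sorted(p for p, d in report.items() if d["note"])
    # Encrypted files without a note suggest an interrupted run or a deleted note.
    missing = sorted(p for p, d in report.items() if d["encrypted"] and not d["note"])
    return total, noted, missing


def build_sample(root):
    """Constructed sample tree of empty files for the demo; not real victim data."""
    layout = {
        "docs": ["table.xlsx.GREEDYFATHER", "GREEDYFATHER.txt", "readme.md"],
        "pics": ["photo.jpg.GREEDYFATHER", "photo2.JPG.greedyfather"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for n in names:
            open(os.path.join(root, folder, n), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        total, noted, missing = summarize(inventory(tmp))
        print(f"{total} encrypted files; notes in {len(noted)} folder(s); "
              f"{len(missing)} folder(s) encrypted without a note")
```

The script only reads directory listings, so it can be pointed at a mounted copy of the affected disk without changing any file.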

Greedyfather Overview:

Name: Greedyfather Virus
Extension: .GREEDYFATHER
Ransomware note: GREEDYFATHER.txt
Contact: [email protected]
Detection: Win32/Filecoder.Avaddon.H, TrojanDropper:Win32/BcryptInject.A!MTB, BScope.TrojanRansom.Reveton
Symptoms: Your files (photos, videos, documents) have a .GREEDYFATHER extension and you can’t open them.

The GREEDYFATHER.txt file that comes with the Greedyfather ransomware contains the following frustrating message:

GREEDYFATHER Ransomware
ATTENTION!
YOUR PERSONAL DECRYPTION ID - -
At the moment, your system is not protected.
We can fix it and restore your files.
To get started, send 1-2 small files to decrypt them as proof
You can trust us after opening them
2.Do not use free programs to unlock.
OUR CONTACTS:
1) TOX messenger (fast and anonymous)
hxxps://tox.chat/download.html
Install qtox
Press sign up
Create your own name
Press plus
Put there our tox ID:
E9164A982410EFAEBC451C1D5629A2CBB75DBB6BCDBD6D2BA94F4D0A7B0B616F911496E469FB
And add me/write message
2)ICQ - @GREEDYFATHER
3)SKYPE - GREEDYFATHER Decryption
Also we have a temporary mail,pls use it only if neccesary
[email protected]

In the picture below, you can see what a folder with files encrypted by the Greedyfather looks like. Each filename has the “.GREEDYFATHER” extension appended to it.

That is how encrypted “.GREEDYFATHER” files look.

How did my machine catch Greedyfather ransomware?

There are many possible ways for ransomware to get into a system.

Nowadays, there are three methods that malefactors exploit most to get ransomware running on your system: email spam, Trojan introduction, and peer file transfer.

  • Another thing the hackers might try is a Trojan horse model. A Trojan is a program that gets into your PC disguised as something else. For instance, you download an installer of some program you need or an update for some program. However, what is unpacked turns out to be a harmful program that compromises your data. Since the installation package can have any title and any icon, you’d better be sure that you can trust the source of the files you’re downloading. The best way is to trust the software developers’ official websites.
  • As for the peer file transfer protocols like BitTorrent or eMule, the threat is that they are even more trust-based than the rest of the Web. You can never know what you download until you get it. Our suggestion is that you use trustworthy resources. Also, it is reasonable to scan the folder containing the downloaded items with the antivirus as soon as the downloading is finished.

How do I get rid of ransomware?

It is crucial to note that besides encrypting your data, the Greedyfather virus will most likely deploy Vidar Stealer on your PC to seize your credentials to various accounts (including cryptocurrency wallets). The mentioned spyware can derive your logins and passwords from your browser’s auto-filling data.

How do I avoid ransomware injection?

Greedyfather ransomware doesn’t have a superpower, and neither does any similar malware.

You can protect yourself from its attack in several easy steps:

  • Never open emails from unknown senders with strange addresses, or with content that has nothing to do with anything you are waiting for (can you win in a money prize draw without even taking part in it?). If the email subject looks like something you are expecting, check all elements of the dubious email with caution. A hoax letter will surely have a mistake.
  • Avoid using cracked or unknown programs. Trojan viruses are often distributed as a part of cracked software, most likely as a “patch” which prevents the license check. But untrusted programs are very hard to tell from reliable ones, because trojans sometimes have the functionality you need. Try to find information on this program on the anti-malware forums, but the best way is not to use such programs at all.

FAQ

🤔 How can I open “.GREEDYFATHER” files? Are the “.GREEDYFATHER” files accessible?

Negative. That is why ransomware is so frustrating. Until you decode the “.GREEDYFATHER” files you will not be able to access them.

🤔 I really need to decrypt those “.GREEDYFATHER” files ASAP. How can I do that?

If the “.GREEDYFATHER” files contain some really important information, then you probably have them backed up. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. There are other ways to beat ransomware, but they take time.

🤔 What to do if the Greedyfather malware has blocked my computer and I can’t get the activation code?

🤔 What can I do right now?

Many of the encrypted files might still be within your reach:

  • If you exchanged your critical files through email, you could still download them from your online mail server.
  • You might have shared images or videos with your friends or relatives. Just ask them to give those images back to you.
  • If you have initially downloaded any of your files from the Internet, you can try downloading them again.
  • Your messengers, social networks pages, and cloud disks might have all those files too.
  • It might be that you still have the needed files on your old PC, a portable device, mobile, external storage, etc.

HINT: You can employ data recovery programs [1] to retrieve your lost information since ransomware encodes the copies of your files, removing the original ones. In the video below, you can see how to recover your files with PhotoRec, but be advised: you can do it only after you kill the ransomware itself with an anti-malware program.

Brendan Smith

References

  1. Here’s the list of Best Data Recovery Software Of 2023.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.