
Remove KODG Ransomware Virus (Decryption Guide 2021)

KODG ransomware makes personal files inaccessible to demand a ransom

KODG ransomware is a malicious computer virus which encrypts files using RSA cryptography and demands a ransom from the victim. This virus originates from the STOP/DJVU ransomware family. Once run, the virus disables firewalls, encrypts files, appending the .kodg extension to the original file names, and leaves ransom-demanding notes called _readme.txt. The notes suggest contacting the criminals via restorefiles@firemail.cc or gorentos@bitmessage.ch for instructions on how to buy the STOP decryption tool for $980 or $490 in Bitcoin.

The virus uses either online or offline keys to encrypt data. Which one is used depends on whether the virus manages to connect to its remote server during the encryption phase. An indication that it used an offline key to encrypt data is t1 at the end of your personal ID in the ransom note _readme.txt. Victims of offline key attacks have a chance to restore some files in the future (read the FAQ below). Unfortunately, the same cannot be said about victims affected by the online keys.

KODG ransomware encrypts files and demands paying a ransom, offering a 50% discount if paid in 72 hours.

The attackers lock files safely as they want to force you to pay up

If your files were encrypted and you can’t find a way to open .kodg extension files, you must know that DJVU ransomware uses an exceptionally complex way to encode data.

There is no way to recover the data using any third-party tools. Similar encryption is used to secure military-grade secrets, so you can’t expect to recover your files this way no matter how important they were. Currently, the only way to restore files is to use data backups or pay up, which we do not recommend doing.

The attackers suggest sending one file for decryption as they want to prove that they actually are capable of restoring the data if the ransom is paid. However, please remember that all they want is money and they might not restore your files even if you pay.

One of the victims reported that KODG file virus developers were quick to respond with one decrypted file, but disappeared as soon as the victim asked for more time to collect the ransom sum.

Threat Summary

Name: KODG ransomware virus
Threat Type: Ransomware (originates from STOP/DJVU Family)
Ransom: $490-$980
Encryption Used: RSA-2048
Decryption: Impossible. Recover files using a backup or wait for the offline key. The last option is to pay the ransom
Distribution: Illegal software activation tools such as software cracks, keygens (typically downloaded from various shady file sharing sites)
Additional information: Installs Azorult Trojan (password-stealing virus)
Removal: Remove using a trustworthy antivirus software of your choice

FAQ: Understand data recovery options

The primary goal for every KODG ransomware victim is to recover files. Hundreds of victims are looking for a solution to restore years of memories, personal files, work documents and other relevant information lost in the blink of an eye. However, you must realize that all of that happened because of a mistake you made by downloading illegal files online, as the only method used for DJVU distribution is illegal software activation tools.

Now that your files are encrypted, here’s a fact sheet you need to know, presented in the form of Frequently Asked Questions.

How to recover files encrypted by KODG ransomware?

You can recover .kodg files using data backups as soon as you remove the ransomware from your PC.

I don’t have a data backup. What are other .kodg file recovery options?

KODG ransomware uses an online or an offline key to encrypt data, depending on whether it manages to establish a connection with its remote server. Files encrypted with an offline key might be possible to decrypt in the future, as soon as security researchers succeed in extracting the key. If the files were encrypted with an online key, free data recovery is nearly impossible.

What is the best way to remove KODG ransomware?

We recommend removing this ransomware using a trustworthy antivirus tool. The vast majority of antivirus programs can identify and successfully delete the said ransomware along with Azorult Trojan.

How can I protect myself after DJVU ransomware and Azorult Trojan attack?

To protect yourself after this variant of DJVU and Azorult Trojan attack, scan your computer with trustworthy security software while in Safe Mode. Then change all of your passwords, ESPECIALLY those saved in your browser.

My personal ID is X. Can I restore my files? Please help.

The only factor that determines whether you can restore your data is the ending of your personal ID. If it ends with t1, it means that an offline key was used to lock your files. Please be patient and wait for an update for the STOP decryptor by Emsisoft.

There are two IDs in the _readme.txt ransom note. What does it mean?

It means that part of your files were encrypted with an online key and part with an offline key.
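The ID check described in the answers above can be run across a whole drive. The following is an added example, not code from this guide or from any decryptor project: it walks a folder read-only, counts .kodg files, and classifies every personal ID found in _readme.txt notes by the t1 rule. It assumes a personal ID appears in the note as an unbroken run of 30 or more letters and digits; the sample note and both IDs in it are constructed.

```python
import os
import re

ENCRYPTED_EXT = ".kodg"    # extension named on this page
NOTE_NAME = "_readme.txt"  # ransom note name named on this page
# Assumption: a personal ID is an unbroken run of 30+ letters/digits.
ID_PATTERN = re.compile(r"\b[A-Za-z0-9]{30,}\b")

# Constructed sample note (not a real note; both IDs are made up).
SAMPLE_NOTE = """ATTENTION!
Your personal ID:
0000ExampleOnlyConstructedIdValue0000AAAAAA
Your personal ID:
0000ExampleOnlyConstructedIdValue0000BBBBt1
"""


def classify_id(personal_id):
    """Per the page: an ID ending in t1 means an offline key was used."""
    return "offline" if personal_id.endswith("t1") else "online"


def extract_ids(note_text):
    """Return the unique personal IDs in the order they appear."""
    return list(dict.fromkeys(ID_PATTERN.findall(note_text)))


def triage(root):
    """Walk root read-only: count .kodg files and classify every note ID."""
    encrypted, ids = 0, {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted += 1
            elif name.lower() == NOTE_NAME:
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for pid in extract_ids(fh.read()):
                        ids[pid] = classify_id(pid)
    kinds = sorted(set(ids.values()))
    verdict = "mixed" if len(kinds) == 2 else (kinds[0] if kinds else "unknown")
    return {"encrypted_files": encrypted, "ids": ids, "verdict": verdict}


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A verdict of "mixed" corresponds to the two-ID case in the last answer: files tied to the t1 ID are the ones that may become recoverable later.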

If you want to learn more about data recovery options for DJVU ransomware victims, please check this guide.

If you have become a victim of this DJVU ransomware variant, please read the instructions provided below and remove KODG file virus safely.

The virus reaches victims via illegal downloads

KODG ransomware is distributed via online downloads that help to activate premium software without paying the subscription fee. In other words, DJVU variants such as KODG, PEET, MBED and others are waiting for victims in a form of software cracks and keygens. You may also install it along with some KMSPico downloads.

People attempting to download illegal files online might find themselves reading this ransom note by DJVU virus.

It is understandable why the ransomware developers use this technique to infect victims. Such downloads are extremely popular and computer users tend to ignore security experts’ warnings about dangers originating from interaction with them.

Remove KODG virus and take actions to recover your data

Please remove KODG ransomware virus before taking any actions regarding data recovery. Please do not plug your data backup into your computer before the malware is completely eliminated from your PC. Otherwise, the virus can corrupt your data backup as well.

We recommend using the KODG removal guidelines presented below. These will help you to boot your computer in a safe environment. This way, you will be able to run your antivirus without any interruptions.

As mentioned earlier, there are no decryption tools for this STOP/DJVU malware variant. However, if you can see an indication of offline key attack, you can hope to restore some files in the future. Meanwhile, concentrate on searching for data backups and changing your passwords.

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:

STEP 1. REMOVE AUTOMATICALLY WITH ROBUST ANTIVIRUS

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats. Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.

Use INTEGO Antivirus to remove detected threats from your computer.

Read full review here.

STEP 2. REPAIR VIRUS DAMAGE TO YOUR COMPUTER

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.

Read full review here.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

KODG Ransomware Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot your PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove KODG Ransomware files. It is very hard to identify files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
  2. Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.

Step 2. Start System Restore process

  1. Wait until system loads and command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in command prompt and hit Enter.
  3. This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense

System Mechanic Ultimate Defense is an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Due to its wide range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
