Godes ransomware (Free Guide) - Decryption Methods Included

Godes virus Removal Guide

What is Godes ransomware?

Godes ransomware is a file-locker virus that tricks people into paying $980 ransom by encrypting their files and marking them with .godes extension

Godes ransomwareGodes ransomware is the virus that claims in the ransom note that there is no possibility to restore files without payment.

Godes ransomware is the cryptovirus that encourages victims to contact the cybercriminals behind the threat when important data gets encrypted and becomes useless. This is a variant of the STOP virus/Djvu ransomware that is already known for the cybersecurity researchers, so there is a possibility to get the affected data decrypted. For that, you should rely on Michael Gillespie, and the STOP decrypter tool that is continuously updated after each new version in this family of ransomware gets released in the wild. However, this is one of the more active cryptovirus versions, so keep your encrypted data and wait for the needed update, while obliterating the threat from the system.

Particular Godes ransomware virus features include all the common and typical symptoms of the file-locking malware and other features that developers are not changing for a while. Since the ransom note gets delivered in _readme.txt, the message itself remains the same as for other previous versions, and the ransom amount still is $980, contact emails gorentos@bitmessage.ch, varasto@firemail.cc are used for a while in the family, the only unique feature belonging to this variant is .godes file marker which gets placed on every document or a different file after encryption.

Name Godes ransomware
Type Cryptovirus
File marker .godes
Ransom note _readme.txt
Family DJVU/STOP virus
Contact emails gorentos@bitmessage.ch, varasto@firemail.cc
Distribution Spam email attachments, other malware
Decryption STOP decryptor (download)
Elimination Install FortectIntego to remove Godes ransomware alongside the virus damage

Godes ransomware cryptovirus is the common yet one of the most dangerous cyber threats that lock victims' file using an encryption algorithm.[1] The initial focus of this virus is to make victims' data useless because this way, the ransom note can be delivered with a direct ransom demand.

The Godes ransomware attack starts with finding files in particular formats that are needed for the encryption. Photos, videos, audio files, documents, and even archives get chosen for the process and get encoded what leads to useless and locked data. Then the virus marks all the affected files with .godes file extension.

Once the initial process of file locking ends, the ransom note file is placed in every folder containing such encoded data and on the Desktop. This text file named _readme.txt displays all the details about Godes ransomware encryption process and reveals more tips on the payment and possible decryption, contact methods. Developers claim that you can get a discount of 50%, but you shouldn't even consider contacting them or paying the demanded amount.

Godes ransomware virusGodes ransomware is the cryptovirus that delivers various claims about your affected data in the ransom note file named _readme.txt.

If you consider the test decryption offered by criminals, you can get more severe malware installed than this initial Godes ransomware, or even tricked into revealing personal information. Any contact between the victim and the crypto-extortionist can lead to money or data loss because these people are focusing on getting money from people, not on restoring their files.

Godes ransomware ransom message states the following:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest
encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:


Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:


Reserve e-mail address to contact us:


Our Telegram account:

The message, as well as other features of the virus, are not changed when compared to other previous versions in the same family. However, these facts don't make the Godes ransomware virus less dangerous or malicious. You should react as soon as you notice any suspicious activity on the machine because while your files get encrypted, this ransomware also alters system settings and affects the performance of the machine significantly.

Godes ransomware removal is important for the whole device because such threat directly encodes your personal files, but alter all the important system folders and preferences in addition. The automatic method helps to eliminate all those changes because system tools and anti-malware programs can indicate various issues and virus damage during the thorough check on the computer.

When all the particular issues with your device get indicated, you can remove Godes ransomware and other possibly installed programs or malware at the same time. This is the best recommendation from experts[2] because automatic virus termination methods allow deleting all the damage and improve the general performance of the infected machine afterward.

You should choose a reliable anti-malware tool for the process of system cleaning and Godes ransomware virus damage removal. It is a big chance, based on the detection rate,[3] that most of the commonly found antivirus programs can work for the process. We can also recommend using FortectIntego to double-check and clean the programs that may be left behind.

Godes file-locking virusGodes is the virus that belongs to a ransomware category because it locks users' files and demands ransom for the alleged file recovery.

Malicious code may be used as URLs or file attachments on legitimate-looking emails

The primary goal of such a virus is to encrypt users' files and demand a ransom. For that reason, such threats like ransomware come to the system using silent and malicious techniques. One of the most used methods for this type of virus is spam email campaigns during which people download and open files or links filled with malicious script.

Such infection happens when the user receives an email with either a file attached to the notification directly or suspicious hyperlinks, in-text links. The user needs to download and open the document or a PDF attached to such email to trigger the malicious macros and infect the machine with malware.

You can avoid these infections if you pay closer attention to the email you get on the email box. When the notification raises suspicions, you need to delete them immediately. Do not risk getting any cyber infection on the machine by opening and downloading questionable files or clicking on shortened or hidden links.

Get rid of Godes ransomware virus damage by cleaning the system fully

Since Godes ransomware virus is the threat that affects significant parts of the machine, you need to take precautionary measures and check all the parts of the device to be sure that everything runs smoothly and malware is not damaging your PC. This threat can disable some functions on the system like security tools and third-party antivirus programs.

For that reason, you should reboot the machine in the Safe Mode before scanning the system with anti-malware tools and remove Godes ransomware this way. Antivirus program then can detect all the malicious programs and corrupted files without virus interference.

Make sure to fully scan the machine and repeat the check a few times to be sure that Godes ransomware removal gave you the best results possible. Also, tools like FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes can help you clean the machine from malware, virus damage and restore needed Windows files.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Godes virus. Follow these steps

Manual removal using Safe Mode

Delete Godes ransomware by rebooting the machine in Safe Mode with Networking and then running a scan with anti-malware tool

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Godes using System Restore

System Restore can improve the performance by eliminating threats like Godes ransomware once the system is recovered

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Godes. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Godes removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Godes from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Godes, you can use several methods to restore them:

Data Recovery Pro is the program that can make a huge difference when you don't have reliable data backups

Restore files affected by Godes ransomware or deleted accidentally with Data Recovery Pro

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Godes ransomware;
  • Restore them.

Windows Previous Versions can help with Godes ransomware encrypted files

If System Restore gets enabled on the computer, Windows Previous Versions can be used to recover data affected by the virus

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is the method useful after Godes ransomware attack

You can recover files with ShadowExplorer encrypted by Godes ransomware if Shadow Volume Copies are left unaffected

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Try STOP decrypter

You can use STOP decryptor (download)

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Godes and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions