Google ransomware (virus) - Recovery Instructions Included

Google virus Removal Guide

What is Google ransomware?

Google ransomware is a file-encrypting virus developed by cyber criminals to extort victims

Decrypting the files without paying the ransom may be impossible

Google ransomware is a member of the Chaos ransomware family. It infiltrates the network and encrypts critical files such as photos, videos, documents, databases, and so on. Because ransomware employs complex encryption algorithms, it can result in permanent data loss. Decryption without the assistance of cybercriminals is usually impossible.

This variant appends the .google extension to the files that are affected. So, if a file was previously named picture.jpg, it would look something like this after encryption – picture.jpg.google. The icons have also been converted to white pages. A ransom note is generated on the machine shortly after the encryption process is completed. It is a threat actor's message containing their demands.

This virus uses Google's name as the marker for encrypted files, but it can be associated with the Google company since the search engine provider and technology giant has had many issues with spam campaigns and malware distribution via its channels. Google advertising network tools were even included in a malicious campaign in which links pushed malicious sites to users. The name of this huge company gets muddied by the activities of these hackers and cybercriminals.

Name: Google
Type: Ransomware, data locking virus, crypto virus
Malware family: Chaos ransomware
File extension: .google
Ransom note: read_it.txt
Ransom amount: $24,622.70 in Bitcoins
Distribution: Infected email attachments, peer-to-peer file-sharing platforms, torrents, software vulnerabilities
File recovery: It is almost impossible to recover the files if you do not have backups or the decryption keys were not leaked; in some cases, recovery is successful with third-party software
Elimination: Scan your machine with anti-malware software to eliminate the virus safely; this will not recover the locked files
System fix: You can avoid Windows reinstallation with Fortect Intego maintenance tool, which can fix damaged files and system errors

The ransom note

Google ransomware drops a read_it.txt ransom note on the victim's machine:

All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.
What can I do to get my files back?
You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.
The price for the software is $24,622.70. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama – hxxps://www.coinmama.com
Bitpanda – hxxps://www.bitpanda.com

Payment information
Amount: 2.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

The note offers a solution to recover the files and remove the ransomware from the computer by paying $24,622.70 in Bitcoin for special decryption software. The note also includes a Bitcoin payment address and two cryptocurrency[1] exchange websites for purchasing Bitcoin.

Paying the ransom is not advised for several reasons. To begin with, paying the ransom does not imply that the cybercriminals will provide the decryption key or unlock the encrypted files. In many cases, victims paid the ransom but were still unable to access their files. Second, paying the ransom encourages cybercriminals to carry on with their illegal activities and target new victims.

Threat actors are asking for a huge amount of money for decryption

Distribution methods

It is unknown how this ransomware spreads, but cybercriminals typically exploit various software vulnerabilities[2] to gain access. That is why it is critical to update the operating system and software in order to receive all patches. Software developers frequently release new updates, which should be installed as soon as they are available.

Email is another popular method of delivering ransomware. This method has a greater impact on workplaces because people use Office 365 and other programs to open files sent to them at work. Threat actors take advantage of this by attaching infected files to emails.

To make the email appear legitimate, various phishing techniques are employed. Some may appear to have been sent by colleagues, but hackers can also obtain friends' contact information and impersonate them, so users should always check with the person via another platform if they were not expecting any attachments.

People can also become infected by installing “cracked” software,[3] though this is more common among home users because you cannot download shady files from a work computer. Because people rush through the installation process, these programs are frequently injected with malicious code or have malware bundled together in the installer.

Use professional security tools to eliminate ransomware

The most important step is to disconnect the affected machine from the local network. Disconnecting the ethernet cable should suffice for home users. If this occurred at your workplace, doing so may be difficult; therefore, we have instructions for corporate environments at the bottom of this post.

Attempting to recover your data first may result in permanent loss. The ransomware also has the ability to encrypt your files a second time, and it will not stop until you remove the malicious files that are causing it. Unless you have prior experience, you should not attempt to remove the malicious program yourself.

Use anti-malware tools like SpyHunter 5, Combo Cleaner, or Malwarebytes to scan your system. This security software should find all the related files and entries and remove them automatically for you. In some cases, malware prevents you from using antivirus software in normal mode, so you need to access Safe Mode and perform a full system scan from there:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

Fix system errors

Performance, stability, and usability issues, to the point where a complete Windows reinstall is required, are expected after a malware infection. These types of infections can alter the Windows registry database, damage vital bootup and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software is not able to repair it.

This is why Fortect Intego was developed. It can fix a lot of the damage caused by an infection like this. Blue Screen errors, freezes, registry errors, damaged DLLs, etc., can make your computer completely unusable. By using this maintenance tool, you could avoid Windows reinstallation.

  • Download the application by clicking on the link above
  • Click on the ReimageRepair.exe
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation process
  • The analysis of your machine will begin immediately
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.

File recovery software

Many people think that they can fix their files with anti-malware tools, but that is not what they are designed for. All the security tools can do is detect suspicious processes in your system and eliminate malicious files. The truth is that the files can be restored only with a decryption key or software that only cybercriminals have.

If you did not back up your data previously, you possibly lost your files forever. You can try using data recovery software, but third-party programs cannot always decrypt the files. We suggest at least trying this method. Before proceeding, you have to copy the corrupted files and place them in a USB flash drive or another storage. And remember – only do this if you have already removed the Google ransomware.

Before you begin, several pointers are essential while dealing with this situation:

  • Since the encrypted data on your computer might permanently be damaged by security or data recovery software, you should first make backups of it – use a USB flash drive or another storage.
  • Only attempt to recover your files using this method after you perform a scan with anti-malware software.

Install data recovery software

  1. Download Data Recovery Pro.
  2. Double-click the installer to launch it.
  3. Follow on-screen instructions to install the software.
  4. As soon as you press Finish, you can use the app.
  5. Select Everything or pick individual folders where you want the files to be recovered from.
  6. Press Next.
  7. At the bottom, enable Deep scan and pick which Disks you want to be scanned.
  8. Press Scan and wait till it is complete.
  9. You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  10. Press Recover to retrieve your files.


Getting rid of Google virus. Follow these steps

Isolate the infected computer

Some ransomware strains aim to infect not only one computer but hijack the entire network. As soon as one of the machines is infected, malware can spread via the network and encrypt files everywhere else, including Network Attached Storage (NAS) devices. NAS devices are commonly compromised via reused administrator credentials and remote access services, and attackers may also delete existing snapshots. If your computer is connected to a network, it is important to isolate it to prevent re-infection after ransomware removal is complete.

In modern environments, ransomware often spreads using stolen credentials, remote management tools, VPN connections, and cloud synchronization services, not only through shared network drives.

The easiest way to disconnect a PC from everything is simply to unplug the ethernet cable. This does not disconnect wireless networks, VPN connections, or cloud services, which must also be disabled separately. However, in a corporate environment, this might be extremely difficult to do and would also take a long time. In many organizations, devices are centrally managed, and network isolation is typically performed by IT or security teams using endpoint security or device management tools. The method below will disconnect a machine from all networks, including the local network and the internet, isolating each of the machines involved.

On modern Windows systems, network connections can also be disabled through the Settings app or automatically isolated using endpoint detection and response (EDR) tools.

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and Internet
  • Click Network and Sharing Center
  • On the left, pick Change adapter settings
  • Right-click on your connection (for example, Ethernet), and select Disable
  • Confirm with Yes.

If you are connected to any type of cloud storage, you should disconnect from it immediately. It is also advisable to disconnect all the external devices, such as USB flash sticks, external HDDs, etc. Once the malware elimination process is finished, you can connect your computers to the network and internet, as explained above, but by pressing Enable instead. Before reconnecting, credentials should be reset, persistence mechanisms checked, and backups verified to ensure reinfection does not occur.

Find a working decryptor for your files

File encryption is a process that is similar to applying a password to a particular file or folder. However, from a technical point of view, encryption is fundamentally different due to its complexity. With encryption, threat actors use a unique set of alphanumeric characters as a password that cannot easily be deciphered if the process is performed correctly.

There are several algorithms that can be used to lock data (whether for good or bad reasons); for example, AES uses the symmetric method of encryption, meaning that the key used to lock and unlock files is the same. Unfortunately, the key is only accessible to the attackers, who hold it on a remote server – they ask for a payment in exchange for it. This simple principle is what allows ransomware authors to prosper in this illegal business.

While many high-profile ransomware strains such as Djvu or Dharma use immaculate encryption methods, there are plenty of failures that can be observed within the code of some novice malware developers. For example, the keys could be stored locally, which would allow users to regain access to their files without paying. In some cases, ransomware does not even encrypt files due to bugs, although victims might believe the opposite due to the ransom note that shows up right after the infection and data encryption is completed.

Therefore, regardless of which crypto-malware affects your files, you should try to find the relevant decryptor if such exists. Security researchers are in a constant battle against cybercriminals. In some cases, they manage to create a working decryption tool that would allow victims to recover files for free.
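The check described above, as an added example that is not part of the original guide: a read-only Python triage script that inventories read_it.txt notes and files carrying the .google extension, then uses surviving file signatures and byte entropy to flag files that were renamed but not actually encrypted. The 7.5 bits/byte threshold, the 2048-byte minimum and the signature table are assumptions of this example, not properties of the malware.

```python
import math
import os
import sys
from collections import Counter

EXT = ".google"        # extension this variant appends (from the page)
NOTE = "read_it.txt"   # ransom note file name (from the page)
MIN_SAMPLE = 2048      # assumption: below this, entropy is not meaningful
# Well-known leading signatures for a few formats; extend as needed.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str) -> str:
    """Classify one *.google file as 'intact', 'encrypted' or 'unknown'."""
    original_ext = os.path.splitext(path[:-len(EXT)])[1].lower()
    with open(path, "rb") as fh:          # read-only: never modify evidence
        head = fh.read(65536)
    magic = MAGIC.get(original_ext)
    if magic and head.startswith(magic):
        return "intact"                   # header survived: likely only renamed
    if len(head) >= MIN_SAMPLE and entropy(head) > 7.5:
        return "encrypted"                # looks like raw ciphertext
    # Small files, plain text without a signature, or encoded ciphertext
    # (base64 tops out at 6 bits/byte) need a manual look.
    return "unknown"


def triage(root: str) -> dict:
    """Walk root and bucket ransom notes and *.google files."""
    report = {"notes": [], "intact": [], "encrypted": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE:
                report["notes"].append(full)
            elif name.lower().endswith(EXT):
                try:
                    report[classify(full)].append(full)
                except OSError:           # locked or unreadable file
                    report["unknown"].append(full)
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Run it against a copy or a read-only mount of the affected disk; files in the "intact" bucket can usually be restored by removing the .google suffix from a backup copy.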

Once you have identified which ransomware you are affected by, you should check the following links for a decryptor:

No More Ransom Project

If you can't find a decryptor that works for you, you should try the alternative methods we list below. Additionally, it is worth mentioning that it sometimes takes years for a working decryption tool to be developed, so there is always hope for the future.

Report the incident to your local authorities

Ransomware is a lucrative, highly illegal business, and authorities are actively targeting ransomware operators. The level of investigation and follow-up depends on the country, the scale of the incident, and whether the attack is linked to known ransomware groups. To increase the likelihood of identifying the culprits, the agencies need information. In many cases, reports are used primarily for intelligence gathering, trend analysis, and victim support rather than immediate identification of attackers.

Therefore, by reporting the crime, you could help stop the cybercriminal activities and catch the threat actors. Reporting does not guarantee investigation or recovery of data, but it contributes to broader efforts to track ransomware campaigns. Make sure you include all the possible details, including how you noticed the attack, when it happened, etc. Relevant details may also include affected systems, ransom demands, cryptocurrency wallet addresses, and any communication with the attackers. Additionally, providing documents such as ransom notes, encrypted files, or malware executables would be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

How to prevent getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention


References