World Grass Ransomware
World Grass, also going by the aliases EarthGress and EarthGrass, is a strain of file-encrypting malware, commonly classified as ransomware.
The ransomware will encrypt files on the victim system, appending a seemingly random alphanumeric string as a newly added extension. This means that a file called "photo.jpg" will transform into "photo.jpg.34r7hGr455" after it has been encrypted.
The ransomware will encrypt almost all files on the victim system, leaving essential system files untouched. Documents, media files and databases, as well as most archive files will be encrypted.
Once done, the World Grass ransomware will drop its ransom demands in a plain text file named "Read ME (Decryptor).txt". The ransom demand is pretty modest as far as ransomware goes, with the hackers asking for just $100 worth of cryptocurrency.
The full text of the ransom note goes as follows:
YOUR FILES ARE ENCRYPTED
#EarthGress
All your files have been encrypted due to a security problem with your PC.
If you want to restore them do this work,
Send 100$ BTC On this Address :-
Bitcoin Address = [alphanumeric string]
After Sending The Funds Write us to the e-mail :-
Email Address = earthgrass1 at protonmail dot com
(With The Transection Screenshot And Transection Details And Your Computer Details.)
Attention
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files of the help of third parties may cause increased price(they add their fee to our) or you can become a victim of a scam.