GrujaRSorium Ransomware Removal Guide

Do you know what GrujaRSorium Ransomware is?

GrujaRSorium Ransomware is a malicious threat that can slither into your operating system and encrypt your personal files. Over 200 different types of files can be affected by this infection, including .TXT, .DOC, .DOCX, .XLS, .XLSX, .PPT, .PPTX, .ODT, JPEG, and .PNG files. Obviously, if you cannot download these files again, the original files might be lost forever. Hopefully, backup copies exist, and you can use them after you remove GrujaRSorium Ransomware. If you do not own backups, the corrupted files – which you will recognize by the added “.aes,”“.aesed,” or “.GrujaRS” extension – will be unrecoverable. This might make you panic, but you should not lose your head and start following the demands of cyber criminals. Instead, you want to stop and think. Our research team recommends deleting the infection right away, but you can make up your own mind about what to do once you finish reading this report.

According to our research team, the devious GrujaRSorium Ransomware is likely to exploit RDP (remote desktop protocol) vulnerabilities or spam emails to slither in. In the later case, the infection’s launcher could be introduced to you as a PDF file, for example, and if the message was convincing enough, you could be tricked into executing the threat yourself. Without a doubt, that is something you want to avoid at all cost. If you are unable to defend the system against GrujaRSorium Ransomware, and if your system is not protected by reliable anti-malware software that could delete it before its execution, the encryption of your personal files begins almost immediately. After that is done, the threat launches a window with this message: “All files have been encrypted using unique 32 chars , and AES-256 + RSA-4096 (encryption has not never)! Your files DESTROYED!”

GrujaRSorium Ransomware also drops a PNG file (either named “GrujaRS.png” or “Infectied.png”), which represents a slightly different message. According to it, files can be restored if you contact the attackers within one week by emailing them at Should you do it? You can do whatever you want, but we do not recommend emailing the attackers. If you do it, set up a new email address to ensure that your normal inbox does not get flooded with spam, and make sure you interact with the sent messages carefully. If the attackers send you any files or links, you should think twice before opening them. Of course, the main goal for the creator of GrujaRSorium Ransomware is to push you to pay a ransom, and we do not recommend doing that either. Once you pay the ransom, getting the money back will be impossible, and, considering that a decryptor is unlikely to be given in exchange, you will want that. This is why we want to focus on the removal of this malware.GrujaRSorium Ransomware Removal GuideGrujaRSorium Ransomware screenshot
Scroll down for full removal instructions

One sample of the malicious GrujaRSorium Ransomware was found to delete itself, but we cannot guarantee that every single version of this infection will do the same. Eliminating this threat manually can be difficult, but if you know where the launcher file is, you might be able to remove it instantly. If you can delete GrujaRSorium Ransomware manually, do not waste another moment. If you are unable to erase this threat yourself, it might be high time for you to install legitimate anti-malware software. It will automatically erase active threats, and it will ensure reliable full-time Windows protection at the same time. Without this protection, you will need to fend off malware on your own.

Remove GrujaRSorium Ransomware

  1. Delete ALL recently downloaded suspicious files (e.g., the downloaded spam email attachment).
  2. Delete the ransom note file. Either name GrujaRS.png or Infectied.png. The location of this file might also be the location of the infection’s launcher.
  3. Empty Recycle Bin to eliminate the launcher and the PNG file completely.
  4. Install a reliable malware scanner to inspect your system and check if malware leftovers exist.

In non-techie terms:

GrujaRSorium Ransomware is a malicious infection, and it was created to encrypt your files and deliver a message prepared by cyber criminals. According to this message, your files will remain encrypted until you message the attackers and then, eventually, pay the ransom. Although the ransom is not mentioned in the original message, we assume that that is what the attackers want. The reality is that even if you pay the ransom twice, your files are unlikely to be restored, and so we do not recommend interacting with cyber criminals at all. In fact, the only thing we recommend doing is implementing an anti-malware program that could secure your operating system and automatically remove GrujaRSorium Ransomware. When it comes to the corrupted files, even though recovering them might be impossible, maybe you have backup copies that can replace them? Hopefully, that is the case.