Remove CryptoJoker Ransomware and Restore .crjoker Files

A new ransomware called CryptoJoker has been detected infecting user PCs and encrypting sensitive files. Contrary to its name, however, the cyber-threat is no funny business at all. The ransomware variant has been reported to encrypt files with multiple file extensions en masse using an AES-256 bit encryption algorithm. Decryption may be possible only if there are holes in the encrypted file, since the encryption is very strong. All users who have been infected should immediately disconnect from the internet and check whether or not they have a backup. All users who have not been infected should back up their data to both an external drive and shadow volumes.

Name: CryptoJoker Ransomware
Type: Ransomware Trojan
Short Description: Encrypts user files, corrupting them and making them impossible to open.
Symptoms: Users may see a ransom note with instructions on how to pay, and their files encrypted with the .crjoker extension (ex. /filename/.jpg.crjoker).
Distribution Method: Malicious URLs, malicious email attachments


CryptoJoker – How Does It Spread

There are several ways by which this vile threat may spread, one of them being malicious attachments in spam e-mail messages. The ransomware is distributed in a way nearly identical to how most Trojan horses are spread. CryptoJoker is reported to spread via several different documents and files, one of which was reported to be a .pdf document that may have been infected via a compilator. Users are also advised to keep their eyes peeled for any suspicious sites that they visit.

CryptoJoker Ransomware – How Does It Work?

Once activated on the user PC, the ransomware Trojan begins to deploy its payload files in the following locations:


The payload modules may be of the following file formats:

.dll; .exe; .tmp; .dat; .bat; .vbs;

After they have been activated, the Trojan may perform different activities, such as deleting the Shadow Volume Copies of Windows, deleting backups and modifying the Windows Registry. After this has been performed, the Trojan may begin to scan for files with the following extensions:

.txt, .docx, .doc, .xls, .pdf, .java, .jpeg, .sql, .db, .docm, .odt, .csv, .xlsb, .xlsm, .aspx, .html, .psd, .pptx, .mdb, .sln, .xlsx

After this process is complete, the ransomware may encrypt either a portion of each designated file or the whole file with a strong AES-256 bit encryption algorithm, changing the file's extension to “.crjoker”.
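To scope the damage described above, the following added example (not from the original article or from any vendor tool) walks a folder read-only, lists the files carrying the .crjoker extension, recovers each original name, and uses per-block entropy to estimate whether the whole file or only a portion looks encrypted. The block size, the entropy threshold and all function names are assumptions; compressed formats such as .docx or .jpeg are high-entropy even when intact, so the scope value is a heuristic.

```python
import math
import os
from collections import Counter

# Extensions the article lists as scan targets.
TARGETED = {".txt", ".docx", ".doc", ".xls", ".pdf", ".java", ".jpeg", ".sql",
            ".db", ".docm", ".odt", ".csv", ".xlsb", ".xlsm", ".aspx", ".html",
            ".psd", ".pptx", ".mdb", ".sln", ".xlsx"}
MARKER = ".crjoker"
CHUNK = 4096          # assumption: block size used for entropy sampling
HIGH_ENTROPY = 7.0    # assumption: bits/byte above which a block looks random

def entropy(block):
    """Shannon entropy of a non-empty byte string, in bits per byte."""
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())

def encrypted_fraction(path):
    """Share of full CHUNK-sized blocks that look random; None if no full block."""
    high = blocks = 0
    with open(path, "rb") as fh:
        # A short trailing block is skipped: its entropy estimate is unreliable.
        while len(block := fh.read(CHUNK)) == CHUNK:
            blocks += 1
            high += entropy(block) >= HIGH_ENTROPY
    return high / blocks if blocks else None

def scope_of(frac):
    """Map the random-looking fraction to a coarse label."""
    if frac is None:
        return "unknown"
    return "whole" if frac >= 0.9 else "partial" if frac > 0 else "none"

def inventory(root):
    """Return one record per *.crjoker file under root; nothing is modified."""
    records = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[:-len(MARKER)]
            ext = os.path.splitext(original)[1].lower()
            path = os.path.join(folder, name)
            frac = encrypted_fraction(path)
            records.append({"path": path, "original_name": original,
                            "listed_target": ext in TARGETED,
                            "encrypted_fraction": frac, "scope": scope_of(frac)})
    return sorted(records, key=lambda r: r["path"])
```

Run `inventory()` against a mounted copy or image of the affected disk and compare the resulting list with what is available in backup.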

The Ransomware leaves the following ransom note afterwards:


The e-mail addresses provided in the instructions, through which the cyber criminals may be contacted for further ransom instructions and payment, are file987@sigaint.org and file987@tutanota.com.

We strongly advise users affected by the CryptoJoker Ransomware NOT to pay the ransom money and to look for other ways to decrypt their data. This is because paying the ransom is no guarantee that you will get your files restored, and it also funds the cyber-criminal organization, allowing it to make its operation more sophisticated.

Removing CryptoJoker Ransomware Fully

In order to wipe this threat clean off, you need to isolate it first. This may be done in several different ways, the most accessible and fastest of which is booting your computer in Safe Mode. This will stop any third-party apps and processes from running and may allow you to scan your computer and eradicate all objects associated with CryptoJoker. For the removal itself, it is recommended to use an advanced anti-malware program that will make sure there is no trace of CryptoJoker left and protect you from future intrusions.

1. Boot Your PC In Safe Mode to isolate and remove CryptoJoker Ransomware
2. Remove CryptoJoker Ransomware with SpyHunter Anti-Malware Tool
3. Remove CryptoJoker Ransomware with Malwarebytes Anti-Malware
4. Remove CryptoJoker Ransomware with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by CryptoJoker Ransomware in the future
NOTE! Important notice about the CryptoJoker Ransomware threat: Manual removal of CryptoJoker Ransomware requires interference with system files and the registry. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
