.cdrpt Files Virus (Unlock92 2.0) – How to Remove It and Restore Files
This article explains how to remove the Unlckr ransomware virus and how to restore files that have been encrypted by this malware and have had the .cdrpt file extension added to them as a suffix.

Another annoying Russian ransomware virus has come out in the wild, as reported by cyber-security researcher GrujaRS (https://twitter.com/GrujaRS/status/998605137068388352). The virus is a new version of the .crptd ransomware infection and its main goal is to get victims to pay a hefty ransom fee so that the cyber-criminals restore the files that can no longer be opened. If you are one of the victims of this ransomware, we advise that you read the following article and learn how to remove this malware from your computer and how to restore files that have been encrypted by it.

Threat Summary

Name: Unlock92 .cdrpt Virus
Type: Ransomware, Cryptovirus
Short Description: Unlock92 ransomware’s 2.0 version. Encrypts the files on your computer and asks you to pay a ransom in order to decrypt them.
Symptoms: Files can no longer be opened and have the file suffix .cdrpt added after their names and extensions.
Distribution Method: Spam Emails, Email Attachments, Executable files

.cdrpt Files Virus – How Did I Get Infected

The main method used by the .cdrpt ransomware to infect the computers of unsuspecting users is malicious spam e-mails that are sent to you as if they come from a company. The e-mails are oriented towards Russian-speaking users and aim to convince you that there is an issue and that you need to open an attachment to see what exactly it is. The issues usually imitated are a problem with your bank account, suspicious activity on your social media profile and even fake order receipts.

But this is not the only way this ransomware virus could enter your computer. The malware may also be uploaded to websites, where it pretends to be a program installer, a fake license activator, a game patch, a crack or another seemingly legitimate program, and it may also pose as a portable program.

.cdrpt Files Virus – Further Information

After you have opened the malicious attachment of this ransomware, it may begin to infect your PC by connecting it to a remote location and using that connection to download its payload files. The virus files are the following:

  • An .exe file, likely responsible for the encryption.
  • Another .exe file, responsible for creating mutexes, obtaining administrative permissions and triggering scripts.
  • Image with the ransom note which is set as a wallpaper.
  • Key.res file.
  • A ransom note file.

The files are usually spread across different Windows folders. The key.res file and the “read me” files are located in the %Documents% directory of your profile directory, while the main executables may be in the following Windows system folders:

  • %Local%
  • %Temp%
  • %LocalLow%
  • %AppData%
  • %Roaming%

It has not yet been officially confirmed, but the .cdrpt files ransomware may also extract other files which could be with random names and be located in the system folders of Windows. The payload of the ransomware may be downloaded from a third-party domain which is usually from the Tor-network.

The cyber-criminals also drop their ransom note file, which roughly translates to the following ransom note:

“Your files are encrypted using the RSA-2048 algorithm.
If you want to return them, send one of the encrypted files and key.res file to e-mail:
[email protected]
If you do not receive a reply within 24 hours or the letter is returned with an error, then download from the site www.torproject.com browser TOR and with his help go to the site
n3r2kuzhw2h7x6j5.onion – there will be specified a valid mailbox.
Attempts to repair files yourself can irrevocably ruin them!”

The ransom note file may look similar to the previous version of the Unlock92 ransomware:

The ransom note leads victims to a Tor-based page where further instructions can be located. At the moment, the web page displays another e-mail for contact:

[email protected]

It is believed that, via this e-mail, the victim can negotiate the ransom payoff with the criminals and send them files to decrypt to see that the procedure is working. Nonetheless, paying the ransom is not advisable.

The Unlckr variant .cdrpt may also delete the shadow volume copies of the infected computer by running Windows Command Prompt as an administrator and, within it, executing the following commands without you even noticing:

vssadmin.exe delete shadows /all /Quiet
bcdedit.exe /set {current} bootstatuspolicy ignoreallfailures
bcdedit.exe /set {current} recoveryenabled no
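
For defenders, the three commands above make a compact detection signature. The following is an added example, not code from the original article: it matches them in process-creation command lines and raises the severity when all three appear on one host. The host names, the event layout and the severity labels are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records (host, command line).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\System32\vssadmin.exe delete shadows /all /Quiet"),
    ("WS-01", r'"C:\Windows\System32\bcdedit.exe" /set {current} bootstatuspolicy ignoreallfailures'),
    ("WS-01", r"bcdedit /set {current} recoveryenabled No"),
    ("WS-02", r"vssadmin.exe list shadows"),  # benign: only lists shadow copies
    ("WS-02", r"bcdedit.exe /enum"),          # benign: only reads the boot store
    ("WS-03", r"cmd.exe /c VSSADMIN  Delete Shadows /For=C: /quiet"),
]

# Case-insensitive; tolerate a full path, quotes and a missing ".exe".
RULES = {
    "shadow_copy_deletion": re.compile(
        r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I),
    "boot_failures_ignored": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+.*\bbootstatuspolicy\s+ignoreallfailures\b', re.I),
    "recovery_disabled": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+.*\brecoveryenabled\s+no\b', re.I),
}


def detect(events):
    """Return {host: sorted list of rule names that matched on that host}."""
    hits = defaultdict(set)
    for host, cmdline in events:
        normalized = " ".join(cmdline.split())  # collapse repeated whitespace
        for name, pattern in RULES.items():
            if pattern.search(normalized):
                hits[host].add(name)
    return {host: sorted(names) for host, names in hits.items()}


def severity(rule_names):
    """All three rules on one host match the sequence described in the article."""
    if set(rule_names) == set(RULES):
        return "critical"
    return "high" if "shadow_copy_deletion" in rule_names else "medium"


if __name__ == "__main__":
    for host, names in detect(SAMPLE_EVENTS).items():
        print(host, severity(names), names)
```
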

.cdrpt Files Virus – Encryption Process

Before actually encrypting any files, the .cdrpt files virus may scan for them, based on their file types. Usually the most often used types of files are targeted, like the following:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After this has been done, the Unlock92 2.0 ransomware may start to encrypt the files by altering their key file structure. As a result, the files can no longer be opened and carry the .cdrpt suffix after their names and extensions.
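
Before any cleanup, it helps to know how much was encrypted and to preserve the key.res file the ransom note refers to. The following added example (not from the original article) walks a folder read-only, counts .cdrpt files by their original type and hashes every key.res it finds; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

SUFFIX = ".cdrpt"     # suffix appended by this variant, per the article
KEY_FILE = "key.res"  # file the ransom note asks victims to send back


def inventory(root):
    """Walk root without modifying anything and summarise what was left behind."""
    encrypted, key_files, by_type = [], {}, Counter()
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name.endswith(SUFFIX) and name != SUFFIX:
            original = path.name[: -len(SUFFIX)]  # report.docx.cdrpt -> report.docx
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            encrypted.append(str(path))
        elif name == KEY_FILE:
            # Hash it so a preserved copy can later be shown to be unmodified.
            key_files[str(path)] = hashlib.sha256(path.read_bytes()).hexdigest()
    return {"encrypted": encrypted, "by_type": dict(by_type), "key_files": key_files}


def demo():
    """Build a constructed sample tree in a temporary directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        (docs / "report.docx.cdrpt").write_bytes(b"\x00" * 16)
        (docs / "photo.JPG.CDRPT").write_bytes(b"\x01" * 16)
        (docs / "notes.txt").write_text("untouched")
        (docs / KEY_FILE).write_bytes(b"constructed key blob")
        return inventory(tmp)


if __name__ == "__main__":
    report = demo()
    print(len(report["encrypted"]), "encrypted files:", report["by_type"])
    for path, digest in report["key_files"].items():
        print("key file", path, digest)
```
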

How to Remove Unlock92 2.0 and Restore .cdrpt Files

In general, Unlock92 can be removed by following either the automatic or the manual removal methods below, depending on how much malware removal experience you have. In any case, for maximum effectiveness, it is recommended that you download and run a scan using an advanced anti-malware program. It will automatically remove any malware that may reside on your computer and make sure that your system remains protected against Unlock92’s .cdrpt files version and other malware in the future.

If you want to restore files that have been encrypted by this ransomware virus on your computer, we recommend that you try out the alternative methods for file recovery below this article. They are located in step “2. Restore files encrypted by Unlock92 .cdrpt Virus” and may not be 100% effective in recovering all of your files, but they might help you to recover most of them.


To remove Unlock92 .cdrpt Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Unlock92 .cdrpt Virus files and objects
2. Find files created by Unlock92 .cdrpt Virus on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.


3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Unlock92 .cdrpt Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
