This article has been created in order to help you by showing you how to remove the CrY ransomware virus from your computer and how to restore files encrypted by it.
New ransomware infection, known by it’s file extension .locked has been detected. The virus, dubbed CrY has been reported to be a HiddenTear ransomware variant which fortunately enough is decryptable. After encrypting your iles, the CrY files virus leaves behind the READ_AND_CRY ransom note. If you have been infected by this variant of CrY ransomware virus, recommendations are to read this article if you want to learn how to remove this ransomware from your computer and how to decrypt your encrypted files without paying the ransom.
Threat Summary
| Name | CrY |
| Type | Ransomware, Cryptovirus |
| Short Description | Aims to encrypt the files on the infected computer, adding the .locked file extension and demand a ransom to be paid. |
| Symptoms | The virus aims to add the .locked file extension to the encrypted files and “READ_AND_CRY” ransom note, plus changes the wallpaper on thevictim’s computer. |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
| Detection Tool | See If Your System Has Been Affected by CrY Download Malware Removal Tool | User Experience | Join Our Forum to Discuss CrY. |
CrY Ransomware – Infection and Activity
The infection of viruses, like the CrY ransomware is most likely conducted via an intermediary file that may be contained in spammed e-mail messages as well as malicious files that may be uploaded as fake setups, software license activators or other forms of fraudulent types of files. In addition to this. The e-mails may portray CrY ransomware as a legitimate file, such as:
- Invoice.
- Receipt.
- Banking statement.
- Other form of file.
In addition to this, the infection process results in the payload being dropped on the computer of the victim. The payload may consist of the following samples, related to the CrY HiddenTear variant on your computer:
After the payload has been dropped on the computer, the HiddenTear variant may change the wallpaper on the infected computer to the following image:
After having encrypted your files, the malware changes their default file extension to .locked, making the files appear like the following:
Fortunately, viruses, like the .locked files virus are from the Hidden Tear ransomware family, that is decryptable. But before proceeding with the decryption instructions below, we advise you to remove this malware first by using an advanced anti-malware software
CrY Ransomware Virus – Decryption Instructions
The decryption process of Unikey ransomware is not tech-savvy, but you will need to be prepared and follow the instructions below:
Step 1: Download the HiddenTear BruteForcer by clicking on the button below and open the archive:
Step 2: Extract the program onto your Desktop or wherever you feel comfortable to easily access it and open it as an administrator:
Step 3: After opening it, you should see the main interface of the brute force. From there, choose “Browser Sample” to select a sample encrypted file of the type of ransomware you are trying to decrypt:
Step 4: After this select the type of ransomware from the down-left expanding menu:
Step 5: Click on the Start Bruteforce button. This may take some time. After the brute forcing is finished and the key is found, copy it and save it somewhere on your PC in a .txt file, you will need it later.
Step 6: Download the HiddenTear Decryptor from the download button below:
Step 7: Extract it and open it, the same way with HiddenTear Bruteforcer. From it’s primary interface, paste the key copied from the BruteForcer, write the type of extension being used by the ransomware and click on the Decrypt button as shown below:
After these steps have been completed, you should immediately copy your files to an external device so that they are safe. After this has been done, we strongly recommend completely wiping your drives and reinstalling Windows on the affected machine.
Unikey Ransomware Decryption – Conclusion
Ransomware infections, such as Unikey are becoming more and more often met. The security experts often publish multiple projects and make them accessible for free with the goal to fight back the ransomware menace. However, coders of ransomware viruses often utilize the deep web to sell their viruses to multiple other vendors who spread them further. Since the ransomware menace is ever-expanding, we only expect this trend to increase. This is why we recommend you to follow these beneficial advices that may just save your computer one day:
Advice 1: Make sure to read our general protection tips and try to make them your habit and educated others to do so as well.
Advice 2: Install an advanced anti-malware program that has an often updated real-time shield definitions and ransomware protection.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Advice 3: Seek out and download specific anti-ransomware software which is reliable.
Advice 4: Backup your files using one of the methods in this article.
Advice 5: : Make sure to use a secure web browser while surfing the world wide web.
