A new version of the notorious Crypt888 ransomware has appeared in the wild. The virus encrypts the files and unlike the previous version which pretended to be Petya ransomware, this virus adds the Lock. file prefix before the encrypted files and features a new wallpaper. In it are included instructions to restore the files by contacting [email protected] e-mail. However, malware researchers strongly advise not to contact them, since most Crypt888 variants, like this one are decryptable and in this article we will show you how to remove it and get your files back.
|Short Description||Encrypts the files on the infected computer and asks to pay for a decryptor.|
|Symptoms||Files are appended the .Lock prefix to them and cannot be opened. The virus then changes the wallpaper to a customly made image.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by Crypt888 |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Crypt888.|
Crypt888 Ransomware – Distribution Methods
In order to infect, the latest Crypt888 ransomware version may be spread in multiple different methods. The primary strategy used to spread it may be via spam messages distributed via e-mails. Such messages usually carry either malicious e-mail attachments or may contain In them web links that link to the download of the attachment or direct infection. In the latest cases the attachments pose as legitimate documents of Microsoft Word or .PDF files. However, they may be nothing that even comes close to being legitimate. The documents may actually contain malicious macros within them that cause the infection when the victim enables macros, similar to what the graphic below explains:
Other methods by which your computer could become infected with the newest Crypt888 ransomware variant may be fake updates, files uploaded on torrent sites, game patches, cracks.
Crypt888 Ransomware More Information
The Crypt888 ransomware virus aims to perform different types of activities on the compromised computer. The virus initially may attack the processes of Microsoft Windows. It then may gain administrative privileges which allow it to tamper with the Windows Registry Editor and Windows Command Prompt. The new Crypt888 virus then may change the wallpaper of the infected computer to a red image with the following message
YOU ARE HACKED
ALL YOUR PERSONAL FILES HAVE BEEN ENCRYPTED!
IF YOU WANT TO RESTORE YOUR DATA YOU HAVE TO PAY!
CONTACT US: [email protected]
REMEMBER! YOU CAN’T RESTORE YOUR FILES WITHOUT OUR DECRYPTO!!!!!!!!!!!!!!
For the encryption process, Crypt888 may attack widely used type of files, which are:
- Audio files.
- Other types of files.
Only after it has encrypted your files, Crypt888 ransomware may begin to leave them with the .Lock prefix, making them look like the following:
Fortunately, the user no longer has to pay to restore the encrypted files, because this virus is from the Crypt888 variants, meaning that you may succeed in decrypting your files by following the instructions below. But first, you need to remove this ransomware from your computer.
Crypt888 Removal Instructions
To remove Crypt888, please guide yourself by following the removal instructions below. In case you are having difficulties in following the manual instructions we strongly advise you to use an anti-malware program that will assist in the detection of all the files and registry entries associated with Crypt888 automatically and swiftly.
Manually delete Crypt888 from your computer
Note! Substantial notification about the Crypt888 threat: Manual removal of Crypt888 requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove Crypt888 by downloading an advanced anti-malware program
Crypt888 Decryption Instructions
Before beginning to use the decryptor, it is always good to perform a backup of your files, just in case they become corrupted, because of the software tampers with their structure. There are several ways to back them up; you can copy them to a flash drive or use a cloud backup software, such as SOS Online Backup or similar.
Step 1: Download AVG Crypt888 decryptor from this web link
Step 2: Open the decryptor and click on “Next”.
Step 3: Select the drive you with to decrypt files in and click “Next” once more:
Step 4: Click on “Finish”.
Wait for the decryptor to decipher your files. After the job is complete, they will be saved on your computer. Bear in mind to backup your files since some of them may turn out corrupt.
Crypt888 Decryption – Conclusion
As a bottom line, Crypt888 Ransomware is a virus that is decryptable but keep in mind that some of the files may turn out corrupt and this is why you should create multiple copies of the encrypted files so you can attempt once again if you failed the first time. Also, bear in mind that while this ransomware is decryptable there are still many other threats out there that are not. This is why we suggest you to follow the instructions in the article below to help you learn how to store your important data securely: