Crypt888 Ransomware – Decrypt .Lock Files for Free - How to, Technology and PC Security Forum |

Crypt888 Ransomware – Decrypt .Lock Files for Free

This article aims to help you remove the latest Crypt888 ransomware virus and decrypt .Lock encrypted files for free.

A new version of the notorious Crypt888 ransomware has appeared in the wild. The virus encrypts the files and unlike the previous version which pretended to be Petya ransomware, this virus adds the Lock. file prefix before the encrypted files and features a new wallpaper. In it are included instructions to restore the files by contacting [email protected] e-mail. However, malware researchers strongly advise not to contact them, since most Crypt888 variants, like this one are decryptable and in this article we will show you how to remove it and get your files back.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the infected computer and asks to pay for a decryptor.
SymptomsFiles are appended the .Lock prefix to them and cannot be opened. The virus then changes the wallpaper to a customly made image.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by Crypt888


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Crypt888.

Crypt888 Ransomware – Distribution Methods

In order to infect, the latest Crypt888 ransomware version may be spread in multiple different methods. The primary strategy used to spread it may be via spam messages distributed via e-mails. Such messages usually carry either malicious e-mail attachments or may contain In them web links that link to the download of the attachment or direct infection. In the latest cases the attachments pose as legitimate documents of Microsoft Word or .PDF files. However, they may be nothing that even comes close to being legitimate. The documents may actually contain malicious macros within them that cause the infection when the victim enables macros, similar to what the graphic below explains:

Other methods by which your computer could become infected with the newest Crypt888 ransomware variant may be fake updates, files uploaded on torrent sites, game patches, cracks.

Crypt888 Ransomware More Information

The Crypt888 ransomware virus aims to perform different types of activities on the compromised computer. The virus initially may attack the processes of Microsoft Windows. It then may gain administrative privileges which allow it to tamper with the Windows Registry Editor and Windows Command Prompt. The new Crypt888 virus then may change the wallpaper of the infected computer to a red image with the following message

CONTACT US: [email protected]

For the encryption process, Crypt888 may attack widely used type of files, which are:

  • Documents.
  • Audio files.
  • Videos.
  • Archives.
  • Other types of files.

Only after it has encrypted your files, Crypt888 ransomware may begin to leave them with the .Lock prefix, making them look like the following:

Fortunately, the user no longer has to pay to restore the encrypted files, because this virus is from the Crypt888 variants, meaning that you may succeed in decrypting your files by following the instructions below. But first, you need to remove this ransomware from your computer.

Crypt888 Removal Instructions

To remove Crypt888, please guide yourself by following the removal instructions below. In case you are having difficulties in following the manual instructions we strongly advise you to use an anti-malware program that will assist in the detection of all the files and registry entries associated with Crypt888 automatically and swiftly.

Manually delete Crypt888 from your computer

Note! Substantial notification about the Crypt888 threat: Manual removal of Crypt888 requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Crypt888 files and objects
2.Find malicious files created by Crypt888 on your PC

Automatically remove Crypt888 by downloading an advanced anti-malware program

1. Remove Crypt888 with SpyHunter Anti-Malware Tool and back up your data

Crypt888 Decryption Instructions

Before beginning to use the decryptor, it is always good to perform a backup of your files, just in case they become corrupted, because of the software tampers with their structure. There are several ways to back them up; you can copy them to a flash drive or use a cloud backup software, such as SOS Online Backup or similar.

Step 1: Download AVG Crypt888 decryptor from this web link

Step 2: Open the decryptor and click on “Next”.


Step 3: Select the drive you with to decrypt files in and click “Next” once more:


Step 4: Click on “Finish”.


Wait for the decryptor to decipher your files. After the job is complete, they will be saved on your computer. Bear in mind to backup your files since some of them may turn out corrupt.

Crypt888 Decryption – Conclusion

As a bottom line, Crypt888 Ransomware is a virus that is decryptable but keep in mind that some of the files may turn out corrupt and this is why you should create multiple copies of the encrypted files so you can attempt once again if you failed the first time. Also, bear in mind that while this ransomware is decryptable there are still many other threats out there that are not. This is why we suggest you to follow the instructions in the article below to help you learn how to store your important data securely:

Safely Store Your Important Files and Protect Them from Malware

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share