CryptoBoss Ransomware – Remove and Restore .CRYPTOBOSS Files

CryptoBoss Ransomware – Remove and Restore .CRYPTOBOSS Files

This article will aid you in removing the CryptoBoss ransomware efficiently. Follow the ransomware removal instructions provided at the end.

CryptoBoss ransomware is the name of a cryptovirus, which is believed to be a variant of the Amnesia virus. The extension it places to all files after encryption is .CRYPTOBOSS. After encryption, a ransom note shows up with instructions on how to pay the ransom. Keep reading and find out what ways you could try to potentially recover some of your files.

Threat Summary

Short DescriptionThe ransomware encrypts files on your computer system and it shows a ransom note afterward.
SymptomsThis ransomware virus will encrypt your files and place the .CRYPTOBOSS extension on each one of them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by CRYPTOBOSS


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss CRYPTOBOSS.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

CryptoBoss Ransomware – Delivery Ways

CryptoBoss ransomware could be delivered in multiple ways. Take note that the way which is most commonly used for its infection spread is via a payload dropper. That file initiates the malicious script for the ransomware. Samples have been spotted by malware researchers and its similarity to Amnesia virus is detected.

The CryptoBoss ransomware might be using other ways to deliver the payload file, such as social media and file-sharing sites. Freeware applications found on the Web could be promoted as helpful but also could hide the malicious script for this virus. Before opening any files after you have downloaded them, you should instead scan them with a security program. Especially if they come from suspicious places, such as emails or links. Also, don’t forget to check the size and signatures of such files for anything that seems out of place. You should read the ransomware prevention tips given in the forum section.

CryptoBoss Ransomware – Detailed Overview

The CryptoBoss ransomware is a cryptovirus, which has been recently discovered by malware researchers. They believe that the ransomware is a variant of Amnesia. When the CryptoBoss ransomware encrypts your files, it will put the .CRYPTOBOSS extension to every file and display a ransom note with payment instructions.

The CryptoBoss ransomware can be set to make new registry entries in the Windows Registry to achieve a higher level of persistence. Such entries are usually designed in a way that will start the virus automatically with every launch of the Windows Operating System, such as the example showed down here:


The ransom message is placed inside a file called HOW TO RECOVER ENCRYPTED FILES.txt. This is how it looks:

The ransom note states the following:

All your files have been encrypted

Your ID:

All your files have been encrypted
If you want to restore them, write us to the e-mail: [email protected] or [email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

Before paying you can send to us up to 1 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb

Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 3 days – your key has been deleted and you cant decrypt your files

The cybercriminals want you to contact them on the following two emails:

They want you to write to them on those addresses so they could extort you for paying up the ransom. However, you should NOT under any circumstances pay anything to the cybercriminals. Nobody can give you a guarantee that you will get your files decrypted upon payment, plus in that way you will support the criminals and probably motivate them to keep making ransomware viruses etc.

CryptoBoss Ransomware – Encryption Process

There is no official list with file extensions that the CryptoBoss ransomware seeks to encrypt and the article will be updated if such a list is found. However, all files which get encrypted will receive the .CRYPTOBOSS extension appended to them. The encryption algorithm which is used for the virus is AES 256-bit.

As the ransomware seems to be a variant of Amnesia, more than 7.000 extensions could be encrypted, from file types such as:

  • Audio
  • Video
  • Database
  • Document
  • Picture

The CryptoBoss cryptovirus is more than likely to erase the Shadow Volume Copies from the Windows Operating System by executing the following command:

→vssadmin.exe delete shadows /all /Quiet

If the above-stated command is put into the command prompt of the Windows OS, that will make the encryption process more viable, as one of the main ways for file recovery will be gone. Continue reading to find out what methods you can try out to potentially restore some of your files. You should also take advantage of the free decryption proposed by the cybercriminals. What is more, you should try the decryptor developed for Amnesia from the Amnesia article containing decryption instructions.

Remove CryptoBoss Ransomware and Restore .CRYPTOBOSS Files

If your computer got infected with the CryptoBoss ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share