June 2017 Is the month of the ransomware viruses coming from the open-source Hidden Tear project. Such virus is the CryptoSpider ransomware threat which aims to encode the files on your computer, using AES cipher and then demand you to pay money in order to have your files working again. The virus also adds a lockscreen claiming you have been hacked by ./MR.GHOST-C47. If your computer has been infected by this virus, we suggest that you read the following material and learn how to remove it and decrypt your files.
|Short Description||Based on the open-source HiddenTear code. Encrypts files and then asks for a ransom.|
|Symptoms||Files are encrypted with the .Cspider file extension added to them.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by .Cspider Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .Cspider Virus.|
.Cspider Ransomware – More Information
The .Cspider virus is from the file encryption type. Being based on the HiddenTear project, it aims to infect users who do not suspect what Is happening. This happens usually via different methods:
- Being spread via e-mail spam messages.
- Via malicious files uploaded as fake game patches or cracks.
- Through multiple different key generators game patches, cracks or other activation software.
After an infection takes place, the .Cspider virus drops it’s malicious file, named CryptoSpider.exe on the victim’s computer.
Then, the virus may modify the registry entries of the infected computer and hence run automatically on system start. In addition to this, the .Cspider ransomware may also delete the shadow volume copies on the infected computer. After doing so, CryptoSpider also aims to encrypt specific files on the compromised computers, like:
- Image files.
- Audio types of files.
- Other often used files.
After the encryption has completed, the files can no longer be opened and have the following file extension:
Fortunately, you do not have to pay anyone to restore the encrypted files, because all HiddenTear versions are now decryptable. But first it is important to remove this ransomware. For the removal and decryption, please follow the instructions below.
Remove .Cspider Virus from Your PC and Decrypt Your Files
Manually delete .Cspider Virus from your computer
Note! Substantial notification about the .Cspider Virus threat: Manual removal of .Cspider Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove .Cspider Virus by downloading an advanced anti-malware program
HiddenTear Ransomware Variants – Decoding Instructions
The file-decryption process of HiddenTear ransomware is not as difficult, but you need to be prepared and do it from a safe computer that is powerful. Let’s begin!
Step 1: Download the HiddenTear BruteForcer by clicking on the button below and open the archive:
Step 2: Extract the program onto your Desktop or wherever you feel comfortable to easily access it and open it as an administrator:
Step 3: After opening it, you should see the main interface of the brute force. From there, choose “Browser Sample” to select a sample encrypted file of the type of ransomware you are trying to decrypt:
Step 4: After this select the type of ransomware from the down-left expanding menu:
Step 5: Click on the Start Bruteforce button. This may take some time. After the brute forcing is finished and the key is found, copy it and save it somewhere on your PC in a .txt file, you will need it later.
Step 6: Download the HiddenTear Decryptor from the download button below:
Step 7: Extract it and open it, the same way with HiddenTear Bruteforcer. From it’s primary interface, paste the key copied from the BruteForcer, write the type of extension being used by the ransomware and click on the Decrypt button as shown below:
After these steps have been completed, you should immediately copy your files to an external device so that they are safe. After this has been done, we strongly recommend completely wiping your drives and reinstalling Windows on the affected machine.