A new version of a ransomware infection known to be related to CryptXXX variants has been discovered. The virus, named BTCware, now appends the .cryptowin file extension to the encrypted files, unlike the previous version, which used the virus's own name as the file extension. The virus demands a hefty ransom fee, to be paid by the victims in Bitcoin. If your computer has been infected by this ransomware, we advise you to read this article thoroughly to learn how to remove the virus and decrypt your files for free.
|Short Description||The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may see ransom notes and “instructions” linking to a web page and a decryptor. File names are changed and the .cryptowin file extension is added.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
BTCware .cryptowin Virus – More Information
Once this variant of BTCware is activated on your computer, it may create multiple different files on the compromised computer. They may be located in the following Windows folders:
After this, the ransomware may attack multiple different files for encryption, including:
- Audio files.
- Image files.
- Files related to widely used programs.
The files attacked by the .cryptowin virus for encryption may be the following:
→ .1c, .3fr, .accdb, .ai, .arw, .bac, .bay, .bmp, .cdr, .cer, .cfg, .config, .cr2, .crt, .crw, .css, .csv, .db, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .gif, .htm, .html, .indd, .iso, .jpe, .jpeg, .jpg, .kdc, .lnk, .mdb, .mdf, .mef, .mk, .mp3, .mp4, .mrw, .nef, .nrw, .odb, .ode, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pdf, .pef, .pem, .pfx, .php, .png, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .rar, .raw, .rtf, .rw2, .rwl, .sql, .sr2, .srf, .srw, .tif, .wb2, .wma, .wpd, .wps, .x3f, .xlk, .xls, .xlsb, .xlsm, .xlsx, .zip
While BTCWare’s .cryptowin variant is very careful not to encrypt files that are critical to the functioning of Windows, the malware may encrypt all other important files, leaving them looking like the following:
After this, the virus may drop its ransom note with instructions on how to pay the ransom and hence restore the encrypted files. However, paying is strongly inadvisable because, thanks to researcher demonslay335, a decryptor has been developed that can restore all files encrypted with the .cryptowin file extension related to BTCware ransomware. If you want to remove the virus and get your data back, keep reading this material.
Remove .cryptowin BTCWare Ransomware
Before removing this ransomware virus, we advise you to back up the encrypted files. Then you can go ahead and remove it either manually or automatically by following the instructions below. They are carefully designed to help you get rid of all malicious files related to this .cryptowin variant of the ransomware. If manual removal is difficult for you, experts recommend using an advanced anti-malware program to remove this virus automatically.
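The backup step advised above, as an added example that is not part of the original article: it copies every file carrying the .cryptowin extension into a separate folder, verifies each copy by SHA-256 and writes a manifest, so the encrypted originals survive removal and can later be given to a decryptor. The function names, the backup layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

EXT = ".cryptowin"  # extension this variant appends, per the article


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_encrypted(root, dest):
    """Copy every *.cryptowin file under root into dest, keeping relative paths.
    Returns the manifest as a list of (relative_path, size, sha256) tuples."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for src in sorted(root.rglob("*")):
        # Skip links, directories and anything already inside the backup folder.
        if src.is_symlink() or not src.is_file() or dest in src.parents:
            continue
        if not src.name.lower().endswith(EXT):
            continue
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 also preserves timestamps
        digest = sha256_file(target)
        if digest != sha256_file(src):
            raise OSError(f"copy of {rel} does not match the original")
        manifest.append((rel.as_posix(), target.stat().st_size, digest))
    (dest / "MANIFEST.txt").write_text(
        "".join(f"{h}  {size}  {p}\n" for p, size, h in manifest))
    return manifest


def demo():
    """Run against a constructed tree (file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Users"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "report.docx.cryptowin").write_bytes(b"constructed-1")
        (root / "photo.JPG.CRYPTOWIN").write_bytes(b"constructed-2")
        (root / "notes.txt").write_bytes(b"not encrypted")
        return backup_encrypted(root, Path(tmp) / "backup")
```

Point `dest` at external or offline storage rather than a folder on the infected disk, and keep `MANIFEST.txt` with the copies so they can be re-verified later.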