Decrypt .cryptowin Files Encrypted by BTCWare Ransomware - How to, Technology and PC Security Forum |

Decrypt .cryptowin Files Encrypted by BTCWare Ransomware

This article aims to help you remove BTCWare ransomware virus and decrypt .cryptowin files encrypted by it from your computer.

A ransomware infection, known to be related to CryptXXX variants has been discovered in a new version. The virus, named BTCware now uses the .cryptowin file extension added to the encrypted files, unlike the previous version, using the same name as the file extension. The virus demands a hefty ransom fee to be paid out by the victims in BitCoin. In case your computer has been infected by this ransomware infection, we advise you to read this article thoroughly to learn how to remove this virus and decrypt your files for free.

Threat Summary


.cryptowin virus

Short DescriptionThe malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
SymptomsThe user may witness ransom notes and “instructions” linking to a web page and a decryptor. Changed file names and the file-extension .cryptowin has been used.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by .cryptowin virus


Malware Removal Tool

User ExperienceJoin our forum to Discuss .cryptowin virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

BTCware .cryptowin Virus – More Information

Once this variant of BTCware is activated on your computer, it may create multiple different files on the compromised computer. They may be located in the following Windows folders:

  • %AppData%
  • %SystemDrive%
  • %Local%
  • %Roaming%
  • %System32%
  • %Startup%

After this, the ransomware may attack multiple different files for encryption, including:

  • Documents.
  • Videos.
  • Audio files.
  • Image files.
  • Files, related to widely used programs.

The files attacked by the .cryptowin virus for encryption may be the following:

→ .1c, .3fr, .accdb, .ai, .arw, .bac, .bay, .bmp, .cdr, .cer, .cfg, .config, .cr2, .crt, .crw, .css, .csv, .db, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .gif, .htm, .html, .indd, .iso, .jpe, .jpeg, .jpg, .kdc, .lnk, .mdb, .mdf, .mef, .mk, .mp3, .mp4, .mrw, .nef, .nrw, .odb, .ode, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pdf, .pef, .pem, .pfx, .php, .png, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .rar, .raw, .rtf, .rw2, .rwl, .sql, .sr2, .srf, .srw, .tif, .wb2, .wma, .wpd, .wps, .x3f, .xlk, .xls, .xlsb, .xlsm, .xlsx, .zip

While BTCWare’s .cryptowin variant is very careful not to encrypt critical files for the functioning of Windows, the malware may encrypt all other important files, leaving them looking like the following:

After this, the virus may drop it’s ransom note with instructions on how to pay the ransom and hence restore the encrypted files. However, it is strongly inadvisable to do so, because thanks to researcher demonslay335, a decryptor has been developed that can restore all files encrypted with .cryptwin file extension, related to BTCware ransomware. If you want to remove the virus an get your data back, keep reading this material.

Remove .cryptowin BTCWare Ransomware

For the removal of this ransomware virus we advise you to backup the encrypted files beforehand. Then, you can go ahead and remove it either manually or automatically by following the instructions below. They are carefully designed to help you get rid of all malicious files related to this .cryptowin variant of the ransomware. In case manual removal represents difficulty for you, experts recommend using an advanced anti-malware program to remove this virus automatically.

Manually delete .cryptowin virus from your computer

Note! Substantial notification about the .cryptowin virus threat: Manual removal of .cryptowin virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .cryptowin virus files and objects
2.Find malicious files created by .cryptowin virus on your PC

Automatically remove .cryptowin virus by downloading an advanced anti-malware program

1. Remove .cryptowin virus with SpyHunter Anti-Malware Tool and back up your data

Decrypt .cryptowin Files for Free

Update! A decryption tool is now available for all BTCWare ransomware variants (including .cryptowin)! The tool was created by the malware researcher Michael Gillespie. You can download the tool and read how to use it from the following article: Decrypt Files Encrypted by BTCWare Ransomware.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share