.doubleoffset Files Virus – How to Remove and Restore Files

.doubleoffset Files Virus – How to Remove and Restore Files


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .doubleoffset Virus and other threats.
Threats such as .doubleoffset Virus may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article has been created in order to help you by explaining how to remove the .doubleoffset files virus from your PC and how to restore encrypted files.

A new version of the notorious Cryakl ransomware has been detected in the wild. The version is v1.5.1.0 and aims to encrypt the files on the victimized computers. In addition to this, the .doubleoffset file extension is also added to the encrypted files along with possibly a ransom note which demands from victims to pay a hefty ransom fee in order to decrypt the encrypted files. In case you computer is among the ones infected by the .doubleoffset files virus, recommendations are to read the following article and focus on removing this malware from your computer and restoring your files.

Threat Summary

Name.doubleoffset Virus
TypeRansomware, Cryptovirus
Short DescriptionA variant of the Cryakl Ransomware family. Aims to encrypt the files on your computer and ask for a hefty ransom payoff in order to restore them.
SymptomsThe files on the infected computer are encrypted with an extension, pointing to the e-mail [email protected] and .doubleoffset suffix is added to them.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .doubleoffset Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .doubleoffset Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.doubleoffset Ransomware – Distribution Methods

The Cryakl ransomware infection is the type of malware that can slither into your PC via a multitude of ways. For starters, the virus may use obfuscation methods which can help it to remain undetected by antivirus engines. In addition to this, the ransomware infection also may use other forms of infection files which enter your computer via a Remote Desktop Protocols, a malicious infection kit and exploits for Windows vulnerabilities. The infection process may be conducted by sending you an e-mail which may contain a malicious e-mail attachment (the infection file) pretending to be a:

  • Receipt.
  • An invoice.
  • Order receipt.
  • Fake banking statement.

If you receive the file via an e-mail, the file may be a JavaScript type, a .vbs type of a script or even a disguised .docm type of file for Microsoft Word which can infect your computer via malicious macros. In addition to this, the cyber-criminals can also imitate the e-mail is coming from a large company to increase the trust in victims, for example:

In addition to via e-mail, this variant of Cryakl may also be uploaded online, imitating a legitimate type of programs, like:

  • Setups of software or games.
  • Game or program patches, cracks, key generators or other forms of license activators.

.doubleoffset Files Virus – More Information

As soon as infection has been performed, the variant of Cryakl drops it’s malicious files on the compromised computer, similar to what other variants of this virus do. During this process, the computer of victims may stagger and even freeze for a brief moment. The malicious files of the .doubleoffset files virus may be dropped in the following Windows folders under different filenames:

As soon as the .doubleoffset files virus has completed the file dropping process, the ransomware may begin to perform malicious tasks on the victim’s computer, among which may be the following:

  • Create mutexes.
  • Touch important Windows files.
  • Interfere with the Windows Registry Editor.

The virus may target the Run and RunOnce Windows Registry sub-keys in order to add registry values with their corresponding data which makes it possible for the malicious files of the .doubleoffset ransomware to run automatically on system boot. The locaton of the sub-keys in most Windows Versions is the following and in them you may find the value strings with random names:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In addition to interfering with the Windows Registry sub-keys, the ransomware may also perform other activities on the compromised computer, such as disable the Windows recovery services and delete the shadow volume copies within the infected PC in order to sabotage file recovery via those methods. The virus may do this by executing the following administrator commands in Windows Command Prompt:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

.doubleoffset Files Virus – Encryption Procedure

The Cryakl .doubleoffset ransomware aims to perform different activities prior to encrypting files. Firstly, the virus checks if it’s running on a virtual drive of some sort and if this is not the case, the malware immediately deletes itself. If not, the .doubleoffset ransomware may scan for and encrypt the following types of files on your computer:

  • Audio files.
  • Videos.
  • Pictures.
  • Archives.
  • Microsoft Office and other document file types.

The virus may also have a whitelist of Windows system folders on which it does not encrypt files at all, such as %Windows% and other types of folders.

After the Cryakl ransomware has attacked your computer and encrypted the files on it, it may leave them with a rather long file extension and an e-mail, like the picture below shows:

As visible from the picture above, the virus aims to get the victims to open it’s README.txt file, containing what appears to be instructions on what to do to get your files back. Researchers, strongly recommend not to pay the ransom and to remove this ransomware virus and try to restore your files via other methods as well.

Remove Cryakl Ransomware and Restore .doubleoffset Files

In order to eliminate this ransomware infection completely from your computer system, recommendations are to follow the removal instructions underneath this article. They are specifically created in order to help you delete the virus files either manually or automatically, based on how much experience you have in removing malware. If you lack such experience or do not feel confident that you have removed this ransomware completely, experts always outline that using an anti-malware software to remove this ransomware automatically is the best method to go for.

If you want to restore .doubleoffset encrypted files on your PC, do not panic, because there is more than one method to do so. You can try the alternative methods underneath this article in step “2. Restore files, encrypted by .doubleoffset Virus” down belw. They may not be a 100% solution to recovering your data, but may help you restore as many encrypted files as possible.

Note! Your computer system may be affected by .doubleoffset Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .doubleoffset Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .doubleoffset Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .doubleoffset Virus files and objects
2. Find files created by .doubleoffset Virus on your PC

Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .doubleoffset Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share