A new ransomware infection that adds the .encrptd file extension to the files it encodes on compromised computers has been reported by malware researchers to attack unsuspecting users. The infection, also dubbed NETCrypton, has been reported to render the files on infected computers no longer able to be opened. The virus also aims to get its victims to pay a hefty ransom fee in order to have the encrypted files restored to their original state. The malware also aims to perform multiple other activities, such as updating itself, and it may also infect other computers on the network of the infected PC. If your computer has been attacked by the .encrptd ransomware virus, the recommendation is to focus on immediately removing this malware from your computer by reading the information in this article.


Threat Summary
Name | .encrptd |
Type | Ransomware, Cryptovirus |
Short Description | Aims to encrypt the files on infected computers and then demands that the victim pay a hefty ransom fee in order to get the files decrypted again. |
Symptoms | The virus encrypts the files, adds the .encrptd file extension to them, and then changes the wallpaper of the infected computer to its ransom note. |
Distribution Method | Spam Emails, Email Attachments, Executable files |


How Does .encrptd Files Virus Infect?
The infection process of this ransomware virus is conducted via several methods, the main one of which is believed to be malicious e-mail spam messages that are sent out to victims and pretend to be legitimate e-mail messages coming from big companies like FedEx, PayPal and others.
Besides e-mail, there are other ways in which you may become infected with this ransomware virus. Those could be:
- Via fake executable files of programs.
- Fake software activators.
- Key generators.
- Game patches or cracks.


.encrptd Files Virus – More Information
When an infection with this ransomware virus takes place on your computer, the malware may drop its malicious files on it, one of them being the executable responsible for file encryption. The files may be located in the following folders:
- %AppData%
- %Local%
- %LocalLow%
- %Roaming%
- %Temp%
In addition to this, the ransomware virus also aims to perform other types of activities, such as modifying the Windows Registry, more specifically adding registry entries in the following sub-keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
- HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
- HKEY_CURRENT_USER\Control Panel\Desktop
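To review the Run and RunOnce sub-keys listed above for entries that start something from the drop folders named earlier, the following added example (not part of the original article and not code from the malware) parses the text printed by `reg query` and flags such values. The sample output, value names and paths are constructed for illustration.

```python
import re

# Run/RunOnce sub-keys named in the article (compared in lower case).
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
# User-writable drop locations from the article, as they show up in expanded
# paths or as unexpanded environment variables.
DROP_MARKERS = ("\\appdata\\", "\\temp\\", "%appdata%", "%localappdata%", "%temp%")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def suspicious_autoruns(reg_query_text):
    """Return (key, value_name, data) for autorun values whose command points
    into a user-writable folder. A hit is a lead to review, not a verdict."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # start of a new key section
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        if not key.lower().endswith(AUTORUN_SUFFIXES):
            continue                    # only autorun keys are in scope here
        data = m.group("data").lower()
        if any(marker in data for marker in DROP_MARKERS):
            hits.append((key, m.group("name"), m.group("data")))
    return hits

# Constructed sample output, not taken from an infected machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    updsvc    REG_SZ    "C:\Users\alice\AppData\Roaming\updsvc.exe" /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_SZ    C:\Windows\Temp\a1.exe

HKEY_CURRENT_USER\Control Panel\Desktop
    Wallpaper    REG_SZ    C:\Users\alice\AppData\Local\Temp\note.bmp
"""

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {data}")
```

Legitimate software also registers autoruns from under AppData, so each flagged entry needs a manual check before it is deleted.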
In addition to this, the ransomware may also delete the shadow volume copies of the infected computer by executing the following commands as an administrator in the Windows command prompt:
→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”
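The command above is a useful detection signal, because normal users rarely delete shadow copies and disable boot recovery in one step. The following added example (not part of the original article) classifies process command lines from process-creation logs against those three behaviours; the event fields, host names and rule names are assumptions, and the events are constructed.

```python
import re

# Behaviours taken from the command quoted above; rule names are this example's own.
RULES = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b"),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b"),
}

def classify(cmdline):
    """Return sorted rule names matched in a command line.

    Case, quoting (straight or curly) and spacing are normalised first, and
    each &-chained sub-command is checked separately."""
    text = re.sub(r'["“”]', " ", cmdline.lower())
    text = re.sub(r"\s+", " ", text)
    found = set()
    for part in re.split(r"&+", text):
        found.update(name for name, rx in RULES.items() if rx.search(part))
    return sorted(found)

def triage(events):
    """Turn process-creation events into alerts; several behaviours in one
    command line is rated high, a single one medium (it may be backup tooling)."""
    alerts = []
    for ev in events:
        hits = classify(ev["cmdline"])
        if hits:
            alerts.append({"host": ev["host"], "matched": hits,
                           "severity": "high" if len(hits) > 1 else "medium"})
    return alerts

# Constructed events; field names are assumptions about the log export.
EVENTS = [
    {"host": "ws-017", "cmdline": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"
        " & bcdedit.exe /set {default} recoveryenabled no"
        " & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "ws-017", "cmdline": "vssadmin list shadows"},
    {"host": "srv-02", "cmdline": r"C:\Windows\System32\VSSADMIN.EXE  Delete Shadows /For=D: /Oldest"},
]

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```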
The .encrptd virus also changes the wallpaper of the infected computer, demanding that victims pay a hefty ransom fee of $300 in BitCoin.


.encrptd Files Virus Encryption Process
Regarding file encryption, this ransomware infection uses an advanced encryption mode in which the malware replaces key data in the targeted files with encrypted data so that the files can no longer be opened. For the encryption process, the following types of files may be targeted by the .encrptd files virus:
→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com
After the encryption process is complete, the .encrptd files virus adds its distinctive file extension to the files encoded by it.


How to Remove .encrptd Files Virus Completely
In order to remove this ransomware virus from your computer, it is strongly recommended to follow the removal instructions below. They were created specifically to help you remove the files of this malware completely, either manually or automatically. If you lack experience in removing the .encrptd files virus manually, experts advise following the automatic removal instructions below and downloading advanced anti-malware software. This will help you get rid of the malicious files of this malware and protect your computer in the future too.
Furthermore, if you want to try to restore your encrypted files, we recommend that you try the alternative methods for file recovery in step “2. Restore files encrypted by .encrptd Virus” below. They may not be 100% effective but may help you restore as many encrypted files as possible.