.encrptd Files Virus - How to Remove NETCrypton Ransomware

.encrptd Files Virus – How to Remove NETCrypton Ransomware

This article has been created in order to help you by showing how to remove the .encrptd files virus from your computer, also known as NETCrypton and how to restore files that have been encoded with an added .encrptd file extension to them.

New ransomware infection, using the .encrptd file extension after it encodes the files on the compromised computers by it, has been reported by malware researchers to attack unsuspecting users. The infection, also dubbed NETCrypton has been reported to render the files on the computers infected by it no longer able to be opened. The virus also aims to get it’s victims to pay a hefty ransom fee in order to get the files encrypted by it restored back to their original state. The malware also aims to perform multiple other activities, like update itself and it may also infect other computers in the network of the infected PC. If your computer has been attacked by the .encrptd ransomware virus, recommendations are to focus on immediately removing this malware from your computer by reading the information in this article.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files on the computers that have been infected by it after which demand the victim to pay e hefty ransom fee in order to get the files decrypted again.
SymptomsThe virus encrypts the files, adding the .encrptd file extension to them after which changes the wallpaper of the infected computer with it’s ransom note.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .encrptd


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .encrptd.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Does .encrptd Files Virus Infect?

The infection process of this ransomware virus is primarily conducted via multiple different types of methods, the main of which is believed to be via malicious e-mail spam messages, that are being sent out to victims’ computers, pretending to be legitimate e-mail messages coming from big companies, like FedEx, PayPal and others. Here is an example of how such an e-mail appears like:

Besides via e-mail, there are also other types of activities via which you may become infeted with this ransomware virus. Those could be:

  • Via fake executable files of programs.
  • Fake software activators.
  • Key generators.
  • Game patches or cracks.

.encrptd Files Virus – More Information

When an infection with this ransomware virus takes place on your computer, the malware may drop it’s malicious files on it, one of them being the executable responsible for file encryption. The files may be located in the following folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

In addition to this, the ransomware virus also aims to perform other types of activities, such as modify the Windows Registry Editor, more specifically, add Windows Registry entries in the following sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
HKEY_CURRENT_USER\Control Panel\Desktop

In addition to this, the ransomware may also delete the shadow volume copies of the infected computer, by executing commands as an administrator in Windows command prompt:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

The .encrptd virus also changes the wallpaper of the infected computer, demanding victims to pay a hefty ransom fee of $300 in BitCoin:

.encrptd Files virus Encryption Process

Regarding file encryption, this ransomware infection uses and advanced encryption mode in which the malware replaces key data from the files targeted by it with encrypted data in order to make it so that the files are no longer able to be opened. For the encryption process, the following types of files may be targeted by the .encrptd files virus:


After the encryption process is complete, the .encrptd files virus adds it’s distinctive file extension to the files encoded by it, making them appear like the following:

How to Remove .encrptd Files Virus Completely

In order to remove this ransomware virus from your computer, it is strongly recommended to follow the removal instructions below. They are specifically created with the purpose to help you remove the virus files of this malware completely either manually or automatically. If you lack the experience in removing the .encrptd files virus manually, experts advise to follow the automatic removal instructions down below and download an advanced anti-malware software. This will help you to get rid of the malicious files of this malware and protect your computer in the future too.

Furthermore, if you want to try and restore your encrypted files, we recommend that you try the alternative methods for file recovery below in step “2. Restore files encrypted by .encrptd Virus” below. They may not be 100% effective but may help you in restoring as many encrypted files as possible.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share