
Remove CryFile Ransomware and Decrypt .Criptokod Encrypted Files

Ransomware known as CryFile has been reported to infect computers primarily in Russia. This nasty crypto-virus is reported to encrypt the files of infected users, denying them access to them. The newly encrypted files have the .criptiko, .criptoko, .criptokod, .cripttt or .aga file extension added to them and cannot be opened with any type of software. The only viable solution against CryFile appears to be paying the $100 ransom demanded by the cyber-criminals, but users are strongly advised not to pay any ransom and instead to download the decrypter for the ransomware and try to remove the virus themselves using instructions such as the ones in this article.


Threat Summary

Name: CryFile
Type: Ransomware
Short Description: The ransomware encrypts files with a strong algorithm and asks a ransom of $100 for decryption.
Symptoms: Files are encrypted by CryFile, with one of several different file extensions added depending on the variant, and become inaccessible. A ransom note with instructions for paying the ransom shows as two .txt files.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

CryFile Ransomware – Methods of Distribution

In order to spread widely, CryFile Ransomware is reported to use massive spam campaigns sent out by spamming software, also known as spam bots. Such campaigns may include referral spam of malicious URLs, spammed e-mail messages or others. Such messages may redirect to a web link containing JavaScript or an exploit kit that can penetrate the defenses of the victim's computer and download the malware onto it.

CryFile Ransomware Viewed In Detail

As soon as it is executed, the malicious script of CryFile Ransomware may create several different files on the compromised computer. They are usually located in one of the following Windows folders:

  • %AppData%
  • %Local%
  • %Roaming%
  • %User’s Profile%
  • %Windows%

The ransomware also modifies the registry entries of the affected computer so that it may start to encrypt files when Windows boots up:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In addition to that, it may also modify other registry entries such as settings that may change the wallpaper of the user, display ransom notes on start up and others.
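One way to review the four autostart keys listed above is to read every value and flag those whose program lives in one of the drop folders. This is an added example, not code from the original article; the mapping of the article's folder names onto the APPDATA, LOCALAPPDATA, USERPROFILE and WINDIR variables and the function names are assumptions.

```python
import ntpath
import os
import sys

# The four autostart keys named above, as (hive, subkey) pairs.
SUBKEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
           r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
RUN_KEYS = [(hive, sub) for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")
            for sub in SUBKEYS]

def program_of(command):
    """Extract the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]  # unquoted: stops at the first space

def flag_entries(entries, folders):
    """Return the (key, name, command) entries whose program sits under a drop folder."""
    roots = [ntpath.normcase(ntpath.normpath(f)) + "\\" for f in folders]
    hits = []
    for key, name, command in entries:
        program = ntpath.normcase(ntpath.normpath(program_of(command)))
        if any(program.startswith(root) for root in roots):
            hits.append((key, name, command))
    return hits

def read_run_keys():
    """Windows only: list every value stored under the four keys."""
    import winreg
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), subkey) as key:
                for index in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _kind = winreg.EnumValue(key, index)
                    entries.append((hive + "\\" + subkey, name,
                                    os.path.expandvars(str(data))))
        except OSError:
            continue  # key missing or not readable by this account
    return entries

if __name__ == "__main__" and sys.platform == "win32":
    # Assumed mapping of the article's folder list onto real variables.
    drop_folders = [os.environ[v] for v in
                    ("APPDATA", "LOCALAPPDATA", "USERPROFILE", "WINDIR")]
    for key, name, command in flag_entries(read_run_keys(), drop_folders):
        print(f"REVIEW {key} [{name}] -> {command}")
```

The output is a list of entries to review, not a verdict: legitimate software also starts from the Windows folder and from the user profile.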

When the ransomware starts encrypting files it may look for the following file extensions:

→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
Source: fileinfo.com

After this is done, this ransomware then adds one of the following extensions to the encrypted files:

  • .criptiko
  • .criptoko
  • .criptokod
  • .cripttt
  • .aga


The virus may drop two text files on the infected computer:

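SHTODELATVAM.txt file:
“Напишите нам для разблокировки
Ваших файлов: [email protected]”
(English: “Write to us to unlock your files: [email protected]”)

Instructionaga.txt file:
“Для разблокировки Ваших файлов
напишите: [email protected]”
(English: “To unlock your files, write to: [email protected]”)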

After the files are encrypted, this ransomware may self-delete.
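Because the ransomware may remove itself, the appended extensions and the two ransom-note names are the indicators most likely to remain on disk. The following scan is an added example, not part of the original article; it assumes the extension is appended to the original file name (for example report.docx.criptokod), and the function and field names are hypothetical.

```python
import os
from collections import Counter

# Indicators taken from the article: appended extensions and ransom-note names.
ADDED_EXTENSIONS = (".criptiko", ".criptoko", ".criptokod", ".cripttt", ".aga")
NOTE_NAMES = {"shtodelatvam.txt", "instructionaga.txt"}

def triage(root):
    """Walk `root` and summarise CryFile file indicators found beneath it."""
    report = {"encrypted": [], "notes": [], "by_type": Counter(), "first_seen": None}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower in NOTE_NAMES:
                report["notes"].append(path)
                continue
            if not lower.endswith(ADDED_EXTENSIONS):
                continue
            report["encrypted"].append(path)
            # Assumption: report.docx.criptokod was originally report.docx.
            stem = os.path.splitext(lower)[0]
            report["by_type"][os.path.splitext(stem)[1] or "(none)"] += 1
            try:
                modified = os.path.getmtime(path)
            except OSError:
                continue  # file vanished or is unreadable
            # Oldest modification time approximates when encryption began.
            if report["first_seen"] is None or modified < report["first_seen"]:
                report["first_seen"] = modified
    return report

if __name__ == "__main__":
    import sys
    import time
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    result = triage(target)
    print(f"{len(result['encrypted'])} encrypted files, "
          f"{len(result['notes'])} ransom notes under {target}")
    for extension, count in result["by_type"].most_common():
        print(f"  {extension}: {count}")
    if result["first_seen"] is not None:
        print("Earliest encrypted file modified:", time.ctime(result["first_seen"]))
```

The earliest modification time is an estimate of when encryption started and helps pick a backup taken before that point.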

In conclusion, CryFile Ransomware was most likely purchased on the deep web's black markets and is being modified so that it fills the pockets of cyber-crooks. Judging by which country is targeted, the ransomware may have been created in Eastern Europe. Users who have been infected by the CryFile threat should follow the instructions posted below.

Remove CryFile Ransomware and Decrypt The Encrypted Files

In order to remove CryFile Ransomware, we strongly advise you to follow the instructions below. Since it is not quite clear what the names of the malicious files are, you may have difficulty detecting and removing them manually. This is why experts always recommend using an advanced anti-malware program, which will surely take care of CryFile ransomware and protect you from such viruses in the future as well.

To decrypt your files, please download the following decrypter by clicking on the blue “Скачатъ” (“Download”) button after you open the web link below:

Download Trojan-Ransom.Win32.CryFile.bmm Decrypter

Manually delete CryFile from your computer

Note! Substantial notification about the CryFile threat: Manual removal of CryFile requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove CryFile files and objects
2. Find malicious files created by CryFile on your PC
3. Fix registry entries created by CryFile on your PC

Automatically remove CryFile by downloading an advanced anti-malware program

1. Remove CryFile with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by CryFile in the future
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
