Remove CryFile Ransomware and Decrypt .Criptoko Encrypted Files

Remove CryFile Ransomware and Decrypt .Criptokod Encrypted Files

lock-padlock-symbol-for-security-interfaceRansomware, known as CryFile has been reported to infect computers primarily in Russia. This nasty crypto-virus is reported to encrypt files of the infected users, denying them access to them. The newly encrypted files have the .criptiko, .criptoko, .criptokod, .cripttt, .aga file extension added to them and they are completely inaccessible with any type of software. The only viable solution against CryFile appears to be paying the $100 ransom money demanded by the cyber-criminals. But users are strongly advised not to pay any ransom and instead download the decrypter for the ransomware and try and remove this virus themselves using instructions such as the ones in this article.

Icon by Freepik –

Threat Summary

Short DescriptionThe ransomware encrypts files with a strong algorithm and asks a ransom of 100$ for decryption.
SymptomsFiles are encrypted by CryFile with a several different file extensions added for each variant and become inaccessible. A ransom note with instructions for paying the ransom shows as two .txt files.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by CryFile


Malware Removal Tool

User ExperienceJoin our forum to Discuss CryFile Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

CryFile Ransomware – Methods of Distribution

In order to be widespread, the CryFile Ransomware is reported to use massive spam campaigns sent out by spamming software, also known as spam bots. Such campaigns may include Referral spam of malicious URLs, spammed e-mail messages or others. Such messages may redirect to a web link containing JavaScript or an Exploit Kit that can penetrate the defenses of the victim`s computer and download the malware onto it.

CryFile Ransomware Viewed In Detail

As soon as it is executed, the malicious script of CryFile Ransomware may create several different files on the compromised computer. They are usually located in one of the following Windows folders:

  • %AppData%
  • %Local%
  • %Roaming%
  • %User’s Profile%
  • %Windows%

The ransomware also modifies the registry entries of the affected computer so that it may start to encrypt files when Windows boots up:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

In addition to that, it may also modify other registry entries such as settings that may change the wallpaper of the user, display ransom notes on start up and others.

When the ransomware starts encrypting files it may look for the following file extensions:


After this is done, this ransomware then adds one of the following extensions to the encrypted files:

  • .criptiko
  • .criptoko
  • .criptokod
  • .cripttt
  • .aga

The virus may drop two text files on the infected computer:

“Напишите нам для разблокировки
Ваших файлов: [email protected]
Instructionaga.txt file:
“Для разблокировки Ваших файлов
напишите: [email protected]

After the files are encrypted, this ransomware may self-delete.

In conclusion, CryFile Ransomware was most likely purchased on the deep web`s black markets and is being modified so that it fills the pockets of cyber-crooks. Judging by which country is targeted, the ransomware may be created in Eastern Europe. Users who have been infected by the CryFile theat should follow the instructions posted below.

Remove CryFile Ransomware and Decrypt The Encrypted Files

In order to remove CryFile Ransomware, we strongly advise you to follow the instructions below. Since it is not quite clear what are the names of the malicious files, you may have difficulty detecting and removing them manually. This is why experts always recommend using an Advanced Anti-Malware program which will surely take care of CryFile ransomware and protect you from such viruses in the future as well.

To decrypt your files, please download the following decrypter, by clicking on the blue “Скачатъ” button after you open the web link below

Download Trojan-Ransom.Win32.CryFile.bmm Decrypter

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share