Ransomware known as CryFile has been reported to infect computers, primarily in Russia. This crypto-virus encrypts the files of infected users, denying them access. The encrypted files have one of the .criptiko, .criptoko, .criptokod, .cripttt or .aga file extensions added to them and cannot be opened with any type of software. The only viable solution against CryFile appears to be paying the $100 ransom demanded by the cyber-criminals, but users are strongly advised not to pay any ransom and instead to download the decrypter for the ransomware and try to remove the virus themselves, using instructions such as the ones in this article.
| Short Description | The ransomware encrypts files with a strong algorithm and asks a ransom of $100 for decryption. |
| Symptoms | Files are encrypted by CryFile, with a different file extension added for each variant, and become inaccessible. A ransom note with instructions for paying the ransom appears as two .txt files. |
| Distribution Method | Spam emails, email attachments, file sharing networks. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
CryFile Ransomware – Methods of Distribution
CryFile Ransomware Viewed In Detail
As soon as it is executed, the malicious script of CryFile Ransomware may create several different files on the compromised computer. They are usually located in one of the following Windows folders:
- %User’s Profile%
The ransomware also modifies the registry entries of the affected computer so that it may start to encrypt files when Windows boots up:
In addition to that, it may also modify other registry entries such as settings that may change the wallpaper of the user, display ransom notes on start up and others.
When the ransomware starts encrypting files it may look for the following file extensions:
“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com
After this is done, the ransomware adds one of the following extensions to the encrypted files: .criptiko, .criptoko, .criptokod, .cripttt, .aga
The virus may drop two text files on the infected computer:
After the files are encrypted, this ransomware may self-delete.
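The following Python script is an added example, not part of the original article or of any removal tool. It inventories files carrying the extensions listed in this article, so you can see which folders and file types were hit and which files still have no restored copy after running the decrypter. It assumes the extension is appended after the original file name (for example report.docx.criptiko, a constructed name); the function names are illustrative.

```python
import os
import sys
from collections import Counter

# Extensions this article lists as appended by CryFile variants.
CRYFILE_EXTENSIONS = (".criptiko", ".criptoko", ".criptokod", ".cripttt", ".aga")


def classify(filename):
    """Return (appended_ext, original_name) for an affected file, else None."""
    lower = filename.lower()  # Windows file names are case-insensitive
    for ext in CRYFILE_EXTENSIONS:
        # Require a non-empty original name in front of the appended extension.
        if lower.endswith(ext) and len(filename) > len(ext):
            return ext, filename[: -len(ext)]
    return None


def inventory(root):
    """Read-only walk of root; nothing is renamed, opened or deleted."""
    report = {"by_variant": Counter(), "by_original_type": Counter(),
              "by_folder": Counter(), "pending": [], "unreadable": []}
    # Record folders we cannot list instead of silently skipping them.
    on_error = lambda err: report["unreadable"].append(err.filename)
    for folder, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            match = classify(name)
            if match is None:
                continue
            ext, original = match
            report["by_variant"][ext] += 1
            original_type = os.path.splitext(original)[1].lower() or "(none)"
            report["by_original_type"][original_type] += 1
            report["by_folder"][folder] += 1
            # Still pending if no file with the original name sits beside it.
            if not os.path.exists(os.path.join(folder, original)):
                report["pending"].append(os.path.join(folder, name))
    return report


if __name__ == "__main__":
    result = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key in ("by_variant", "by_original_type", "by_folder"):
        print(key, dict(result[key]))
    print("pending:", len(result["pending"]), "unreadable:", len(result["unreadable"]))
```

Run it against a user profile folder before and after decryption; a shrinking "pending" count shows which files were actually restored.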
In conclusion, CryFile Ransomware was most likely purchased on the deep web's black markets and is being modified so that it fills the pockets of cyber-crooks. Judging by which country is targeted, the ransomware may have been created in Eastern Europe. Users who have been infected by the CryFile threat should follow the instructions posted below.
Remove CryFile Ransomware and Decrypt The Encrypted Files
In order to remove CryFile Ransomware, we strongly advise you to follow the instructions below. Since it is not quite clear what the names of the malicious files are, you may have difficulty detecting and removing them manually. This is why experts always recommend using an advanced anti-malware program, which will surely take care of CryFile ransomware and protect you from such viruses in the future as well.
To decrypt your files, please download the following decrypter by clicking on the blue “Скачатъ” button after you open the web link below.
Manually delete CryFile from your computer
Note! Substantial notification about the CryFile threat: Manual removal of CryFile requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.