Remove CryptFile2 Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove CryptFile2 Ransomware and Restore Encrypted Files


Researchers from Proofpoint have revealed information about a ransomware called CryptFile2. They gave it this name because of one of its malware samples. According to Proofpoint, the ransomware started spreading in the middle of March this year. It asks victims to contact its creators and pay an unknown sum of money in BitCoins to get their files back. Files with more than 1200 different extensions get encrypted by this ransomware.

To remove the ransomware and see how to restore your files, you should read the full article.

Threat Summary

Name: CryptFile2
Type: Ransomware
Short Description: The ransomware encrypts files with the RSA algorithm and asks for payment in BitCoins.
Symptoms: Files with more than 1200 extensions are encrypted. Files with ransom instructions are put in every directory with locked files.
Distribution Method: Spam Emails, Exploit Kits

CryptFile2 Ransomware – Delivery

CryptFile2 ransomware is delivered mainly through exploit kits. However, spam emails spreading attachments with the malware inside cannot be ruled out. The malicious code could also be hidden in the body of an email, so just opening such an email might trigger the silent download of the malware onto your system.

The exploit kits found to deliver this threat are the well-known Nuclear Exploit Kit and Neutrino.

Your PC can get infected through exploit kits and malicious code spread via social network sites and file-sharing services. A good prevention method is to avoid all suspicious files and web links you come across.

CryptFile2 Ransomware – Information

The CryptFile2 malware is classified by researchers as ransomware. Last week, Proofpoint researchers shared details about it. They named the ransomware after a debug string in one of the samples they were investigating. If you get infected, the malware will encrypt your most important files along with lots of different file types. CryptFile2 may also make entries in the Windows Registry so that it loads automatically with each start of the Windows OS.

CryptFile2 will put two files in each directory that has encrypted files. They contain the ransomware instructions and have the following names:

  • HELP_YOUR_FILES.html
  • HELP_YOUR_FILES.txt

You can see an example of one of the files here:

[Image: HELP_YOUR_FILES.txt ransom note with instructions]

You are given a random ID. The instructions read:

NOT YOUR LANGUAGE? USE hxxps://translate.google.com

What happened to your files?

All of your files were protected by a strong encryption with RSA-2048. More information about the encryption keys RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen?
!!!Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Secret Server.

What do I do?

So, there are two ways you can choose: wait for a miracle and get your pride doubled, or start obtaining BITCOIN NOW!, and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions:

Contact is by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 12 hours. For you to be sure, that we can decrypt your files – you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.

E-MAIL1: [email protected]_post.com
E-MAIL2: [email protected]_usa.com
YOUR_ID:

Payment is expected in BitCoins, although the ransomware creators have not specified the amount. They have provided two email addresses for contact.

Paying any ransom to the cyber criminals is far from advised. Not only might you not get your files decrypted, but you might not even receive an answer. Giving the criminals money might inspire them to continue making ransomware or something worse. Usually, this results in a stronger and improved variant of the ransomware they have created in the past.

The CryptFile2 ransomware looks for files with more than 1200 different extensions to lock, according to Proofpoint security researchers. The RSA encryption algorithm is used. Some of the file extensions are:

→.3gp, .7z, .ads, .asf, .asx, .ba, .bank, .bgt, .bik, .bkp, .bpw, .cdf, .cer, .ce1, .ce2, .cgm, .class, .cls, .cpp, .craw, .csh, .csl, .csv, .ddd, .der, .dng, .dxg, .eml, .exf, .ffd, .fff, .flac, .fla, .flv, .gray, .h, .hpp, .ibd, .indd, .java, .key, .laccdb, .m4v, .maf, .mam, .maw, .mdc, .mfw, .mp4, .mpg, .mso, .ndd, .nef, .nsg, .nwb, .odc, .odf, .odg, .odp, .one, .oth, .p7b, .pat, .pbo, .pcd, .pct, .pps, .ppsm, .ppsx, .pspimage, .psafe3, .pub, .qbw, .r3d, .raf, .rar, .rat, .raw, .rwz, .sas7bdat, .sda, .srf, .srt, .srw, .stc, .std, .sti, .st, .vob, .vsd, .vtx, .wav, .wmv, .wpd, .xlc, .xlm, .xlr, .xlt, .xltm, .xltx, .m4a, .wma, .zip, .unrec, .scan, .tax, .icxs, .hkdb, .mdbackup, .syncdb, .gho, .wmo, .fos, .mov, .vdf, .tmp, .sis, .menu, .layout, .blob, .vcf, .tor, .psk, .lvl, .xxx, .wallet, .wotreplay, .desc, .m3u, .js, .rb, .hkx, .forge, .rim, .vpp_pc, .pak, .rgs, .lrf

After file encryption, all files will have an extension .id_[yourid]_[ransomemail].scl, where yourID is your personal ID number and one of the following emails will be used:

The CryptFile2 ransomware encrypts backup and temporary files found on an infected computer’s internal disk storage. If that happens, then Shadow Volume Copies are probably deleted from Windows.
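The two indicators described above (the HELP_YOUR_FILES ransom notes and the appended .id_[yourid]_[ransomemail].scl extension) are enough to inventory which directories were hit and which files need restoring from backup. The following Python script is an added example, not part of the original article; it assumes the ID contains no underscore, and the sample file names, ID and contact address are constructed placeholders.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the article: ransom-note names and the appended extension.
NOTE_NAMES = {"help_your_files.html", "help_your_files.txt"}
# Assumption: the ID holds no underscore; the e-mail part may contain one.
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id_(?P<victim_id>[^_]+)_(?P<email>.+)\.scl$", re.IGNORECASE)

def parse_locked_name(filename):
    """Split a renamed file into original name, victim ID and contact e-mail."""
    match = LOCKED_RE.match(filename)
    return match.groupdict() if match else None

def scan_tree(root):
    """Return ({directory: {"notes": [...], "locked": [...]}}, ids, emails)."""
    report = defaultdict(lambda: {"notes": [], "locked": []})
    ids, emails = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in NOTE_NAMES:
                report[dirpath]["notes"].append(name)
            elif (parsed := parse_locked_name(name)):
                report[dirpath]["locked"].append(parsed["original"])
                ids.add(parsed["victim_id"])
                emails.add(parsed["email"].lower())
    return dict(report), ids, emails

def build_sample_tree(root):
    """Create a constructed directory tree; every name and value is made up."""
    suffix = ".id_1234567890_contact@mail_example.invalid.scl"
    layout = {
        "Documents": ["report.docx" + suffix, "HELP_YOUR_FILES.txt", "HELP_YOUR_FILES.html"],
        "Pictures": ["holiday.raw" + suffix, "HELP_YOUR_FILES.txt"],
        "Clean": ["notes.txt", "video.id_card.scl.bak"],  # must not be flagged
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, hits in sorted(scan_tree(tmp)[0].items()):
            print(directory, hits)
```

Run `scan_tree` against a mounted copy of the affected disk rather than the live system, and keep the collected IDs and contact addresses with the incident record.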

Remove CryptFile2 Ransomware and Restore Encrypted Files

If your computer is infected with the CryptFile2 ransomware, you should have a little experience with removing malware. You should remove the malware as soon as possible, as it may encrypt more files over the network you use, or files on external storage devices if you try using a backup. So, it is recommended that you first remove the ransomware and follow the step-by-step instructions given below.


To remove CryptFile2 follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove CryptFile2 files and objects
2. Find files created by CryptFile2 on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by CryptFile2

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
