Remove Cryptohasyou Ransomware and Restore .enc Encrypted Files


Ransomware is the new way of making money with the malicious creations of dark web coders. One particular crypto-malware variant even has the audacity to pretend to be helpful and nice to you while using the AES and RSA encryption algorithms to encode your files. Affected users are helpless until they pay the $300 fee. However, experts strongly recommend NOT giving the ransom money to the cyber-crooks and instead looking for a free alternative, such as the ones suggested below.

Threat Summary

Short Description: Encrypts the user’s files and pretends to be a helpful assistant, asking for $300 in the first 3 days and $150 each day after the deadline for paying has expired.
Symptoms: The user’s files are encrypted with an added “.enc” file extension.
Distribution Method: Via malicious URLs and payload-carrying executables.

Distribution of Cryptohasyou Ransomware

The malicious files of this crypto-threat may arrive directly on your device via several main types of executables:

  • Containing an Exploit Kit or a Trojan.
  • Containing the ransomware itself.
  • Containing a script that redirects to a malicious URL, which contains the ransomware.

These very types of files may be spread among the masses via several different types of spam:

  • Email spam.
  • Online social media and chat spam (Facebook, Skype, Steam, Twitter, etc.)
  • Hands-on approach (physical access to the device).
  • Via other malware or PUPs currently residing on your computer.

Cryptohasyou Ransomware In Detail

This devastating ransomware may pretend to be a helpful assistant with the user's problem, but it uses two strong encryption algorithms, AES and RSA, whose keys are too long for even powerful computers to brute-force.

For starters, the malware may arrive via the following malicious files and locations:

commonly used file names and folders

Once it has been started, Cryptohasyou has been reported by Symantec malware researchers to immediately begin looking for files of the following types to encrypt:

→ .bat .bin .blf .cat .cdf-ms .cdfs .cmd .com .conf .cpl .dat .dev .dl .dll .dmp .drv .enc .etl .evt .evtx .exe .folder .fx .gadget .gpd .grp .idx .inf .ini .ins .inx .isu .job .jse .key .lib .lnk .lock .man .manifest .mci .mdmp .msc .msi .msn .msp .mst .mui .nls .ocx .osc .paf .pdb .pf .pif .ps1 .reg .rgu .scr .sct .sfc .sfcache .shb .shs .shs .sif .so .sys .u3p .vb .vbe .vbs .vbscript .vtd .ws .wsf

These file types suggest that the ransomware does not look for pictures specifically but is more oriented towards executable files, modules, configuration files, temp files and Visual Basic scripts.

The encrypted files have the .ENC extension appended to their names, and no program can open them in a usable form. An encrypted file looks like the following example:

→ Notepad.exe.enc

This is especially devastating because it may also target the programs which users take advantage of to do their work on a regular basis.
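To scope the damage on an affected machine, the naming pattern above can be searched for directly. The following is an added example, not part of the original article: it walks a directory tree and counts files with the appended .enc extension, grouped by their original extension, using the article's list of targeted types. The function names and the sample file names are constructed for illustration, and treating a bare `name.enc` file as possibly legitimate is an assumption.

```python
import os
import tempfile
from collections import Counter

# File types the article lists as targeted (copied from the page).
TARGETED = set("""
.bat .bin .blf .cat .cdf-ms .cdfs .cmd .com .conf .cpl .dat .dev .dl .dll .dmp .drv
.enc .etl .evt .evtx .exe .folder .fx .gadget .gpd .grp .idx .inf .ini .ins .inx .isu
.job .jse .key .lib .lnk .lock .man .manifest .mci .mdmp .msc .msi .msn .msp .mst .mui
.nls .ocx .osc .paf .pdb .pf .pif .ps1 .reg .rgu .scr .sct .sfc .sfcache .shb .shs .sif
.so .sys .u3p .vb .vbe .vbs .vbscript .vtd .ws .wsf
""".split())

def inner_extension(name):
    """'.ext' for '<file>.<ext>.enc', '' for a bare '<file>.enc', None if not '.enc'."""
    stem, last = os.path.splitext(name)
    if last.lower() != ".enc":
        return None
    return os.path.splitext(stem)[1].lower()

def triage(root):
    """Walk root and bucket every '*.enc' file by how well it fits the article's symptom."""
    report = {"listed": Counter(), "unlisted": Counter(), "bare": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            inner = inner_extension(name)
            if inner is None:
                continue                      # not an .enc file
            if inner == "":                   # assumption: a bare .enc may be legitimate
                report["bare"].append(os.path.join(dirpath, name))
            elif inner in TARGETED:
                report["listed"][inner] += 1  # fits the pattern, e.g. Notepad.exe.enc
            else:
                report["unlisted"][inner] += 1
    return report

def demo():
    """Run triage over a constructed sample tree (file names invented for illustration)."""
    names = ["Notepad.exe.enc", "setup.INI.ENC", "lib/core.dll.enc",
             "photo.jpg.enc", "backup.enc", "readme.txt", "tool.exe"]
    with tempfile.TemporaryDirectory() as root:
        for rel in names:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The scan only reads file names; it does not rename or modify anything, so the encrypted files stay as they were found.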

After encrypting these types of files, the ransomware displays the following ransom note, which makes it look as if it is being helpful:

Hello, Unfortunately for you, a virus has found its way onto your computer. The virus has encrypted all of the files that exist on this computer (pictures, documents, spreadsheets, videos, etc.). There is no way to restore the files back to their original forms without the unique decryption programs.
Fortunately, we can help. We have your unique decryption program. If you value your locked files and want to restore them, we can provide you with the decryption program and any assistance you need for the price of $300.
Want us to fix all of your files? Have a question? Want to send us a complaint(or compliment)?
Contact us! Our email is {cyber-crooks’ mail}
We will get back to you with haste.
If you want proof that we can decrypt your files, send us a single encrypted file in an email and we will return it to you fixed and in original condition!
You must respond to this in a timely fashion if you want your original files back.
The initial price of our service is $300. For every 3 days that pass, the price of our service will raise by an additional $150. We will know how long it has been. Remember, we are your only option. If you consult an IT expert, they will tell you the same thing.
Additional Details: (for IT People)
[+] It is impossible to recover the original files without our help.
[+] Encryption scheme: aes256(filesystem, aes_key) -> rsa2048(aes_key, public key)
-In other words, the private_key is required to decrypt the filesystem
[+] During filesystem encryption, all affected files had the original data overwritten with the encrypted data several times over to prevent recovery.
[+] If the extention of an encrypted file is not “.enc” when the decryption program is run, it will not be decrypted.
[+] Do not shut down or restart your computer while filesystem decryption occurs
FOR FILE DECRYPTION CONTACT US: {cyber-crooks’ email address}
You will need to provide the following data to us along with a payment in order to decrypt your files:
{unique identifying number that has letters as well as digits}“

This cattish message points to the level of audacity that the people behind this ransomware variant have reached.

Remove Cryptohasyou Ransomware and Restore .Enc Encrypted Files

To remove this ransomware, it is advisable to follow the step-by-step removal instructions outlined after this article.

If you want to recover your data, unfortunately, there is no viable solution to do this for free. However, you may attempt restoring the data or using other methods to find the key, illustrated in Step 3, in the 2nd section below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
