Remove Cryptohasyou Ransomware and Restore .enc Encrypted Files - How to, Technology and PC Security Forum |

Remove Cryptohasyou Ransomware and Restore .enc Encrypted Files


Ransomware – it is the new way of making money via using the malicious creations of dark web coders. One particular crypto-malware variant has the audacity to pretend even to be helpful and nice to you while using AES and RSA encryption algorithms to encode your files. Users who have been affected are helpless until they pay the 300$ file. However, experts strongly recommend NOT to give the ransom money to the cyber-crooks and look for a free alternative, such as the ones suggested below.

Threat Summary

Short DescriptionEncrypts the user’s files and pretends to be a helpful assistand asking for 300$ in the first 3 days and 150$ each day after the deadline for paying has expired.
SymptomsThe user’s files are encrypted with an added “.enc” file extension.
Distribution MethodVia malicious URLs and payload carrying executables.
Detection Tool See If Your System Has Been Affected by Cryptohasyou


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Cryptohasyou.

crypto-has-you-sensorstechforumImage Source:

Distribution of Cryptohasyou Ransomware

The malicious files of this crypto-threat may arrive directly on your device via several main types of executables:

  • Containing an Exploit Kit or a Trojan.
  • Containing the ransomware itself.
  • Containing a script that redirects to a malicious URL, which contains the ransomware.

These very types of files may be spread among the masses via several different types of spam:

  • Email spam.
  • Online social media and chat spam (Facebook, Skype, Steam, Twitter, etc.)
  • Hands-on approach (physical access to the device).
  • Via other malware or PUPs currently residing on your computer.

Cryptohasyou Ransomware In Detail

This devastating ransomware may pretend to be a helpful assistant with the problem of the user, but it uses two of the most powerful encryption algorithms which contain too many zeroes and ones for even powerful computers to decrypt.

For starters, the malware may arrive via the following malicious files and locations:

commonly used file names and folders

After it has been started Cryptohasyou has been reported by Symantec malware researchers to immediately begin looking for files with the following types to encrypt them:

→ .bat .bin .blf .cat .cdf-ms .cdfs .cmd .com .conf .cpl .dat .dev .dl .dll .dmp .drv .enc .etl .evt .evtx .exe .folder .fx .gadget .gpd .grp .idx .inf .ini .ins .inx .isu .job .jse .key .lib .lnk .lock .man .manifest .mci .mdmp .msc .msi .msn .msp .mst .mui .nls .ocx .osc .paf .pdb .pf .pif .ps1 .reg .rgu .scr .sct .sfc .sfcache .shb .shs .shs .sif .so .sys .u3p .vb .vbe .vbs .vbscript .vtd .ws .wsf

These files suggest that the ransomware does not look for specific pictures but is more oriented towards executable files, modules, configuration files, temp files and visual basic scripts.

The encrypted files have the .ENC extension added to them, and they cannot be opened with any type of program to work effectively. The encrypted files look like the following example:

→ Notepad.exe.enc

This is especially devastating because it may also target the programs which users take advantage of to do their work on a regular basis.

After encrypting these types of files, the ransomware displays the following ransom note which makes it look as it is helpful:

Hello, Unfortunately for you, a virus has found its way onto your computer. The virus has encrypted all of the files that exist on this computer (pictures, documents, spreadsheets, videos, etc.). There is no way to restore the files back to their original forms without the unique decryption programs.
Fortunately, we can help. We have your unique decryption program. If you value your locked files and want to restore them, we can provide you with the decryption program and any assistance you need for the price of $300.
Want us to fix all of your files? Have a question? Want to send us a complaint(or compliment)?
Contact us! Our email is {cyber-crooks’ mail}
We will get back to you with haste.
If you want proof that we can decrypt your files, send us a single encrypted file in an email and we will return it to you fixed and in original condition!
You must respond to this in a timely fashion if you want your original files back.
The initial price of our service is $300. For every 3 days that pass, the price of our service will raise by an additional $150. We will know how long it has been. Remember, we are your only option. If you consult an IT expert, they will tell you the same thing.
Additional Details: (for IT People)
[+] It is impossible to recover the original files without our help.
[+] Encryption scheme: aes256(filesystem, aes_key) -> rsa2048(aes_key, public key)
-In other words, the private_key is required to decrypt the filesystem
[+] During filesystem encryption, all affected files had the original data overwritten with the encrypted data several times over to prevent recovery.
[+] If the extention of an encrypted file is not “.enc” when the decryption program is run, it will not be decrypted.
[+] Do not shut down or restart your computer while filesystem decryption occurs
FOR FILE DECRYPTION CONTACT US: {cyber-crooks’ email address}
You will need to provide the following data to us along with a payment in order to decrypt your files:
{unique identifying number that has letters as well as digits}“

This cattish message points out to the level of audacity that the people behind this ransomware variant have reached.

Remove Cryptohasyou Ransomware and Restore .Enc Encrypted Files

Regarding the removal of this ransomware, it is advisable to focus on using the step-by-step removal instructions which are outline after this article.

If you want to recover your data, unfortunately, there is no viable solution to do this for free. However, you may attempt restoring the data or using other methods to find the key, illustrated in Step 3, in the 2nd section below.

Manually delete Cryptohasyou from Windows and your browser

Note! Substantial notification about the Cryptohasyou threat: Manual removal of Cryptohasyou requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Cryptohasyou files and objects.
2. Find malicious files created by Cryptohasyou on your PC.
3. Fix registry entries created by Cryptohasyou on your PC.

Automatically remove Cryptohasyou by downloading an advanced anti-malware program

1. Remove Cryptohasyou with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Cryptohasyou in the future
3. Restore files encrypted by Cryptohasyou
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.