Remove Cryptorium Ransomware and Restore Encrypted Files


This article shows how to properly remove the Cryptorium ransomware virus and attempt to restore your encrypted files.

Malware researchers have detected a ransomware virus named Cryptorium. When it infects a system, the virus immediately encrypts important videos, pictures, audio files and documents. It then displays a Cryptorium pop-up telling the user that a ransom must be paid to receive a “GBO KEY” for file decryption. If you have become a victim of Cryptorium ransomware, we urge you to read this article thoroughly to learn how to remove the ransomware and attempt to recover as many files as possible.

Threat Summary



Short Description: Cryptorium ransomware encrypts user files and leaves e-mail addresses for contacting the criminals behind it and paying the ransom fee.
Symptoms: Renders the files on the infected computer unopenable and demands that a ransom be paid.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Cryptorium Ransomware – More Information

To best explain Cryptorium ransomware, we will walk through its infection process methodically, starting with how it spreads.

Cryptorium Ransomware – Distribution

To cause an infection, Cryptorium ransomware may target different areas. E-mail is the primary vector for viruses like Cryptorium, since most inexperienced users may fall for a socially engineered phishing e-mail. Usually such e-mails carry malicious web links that redirect to a script that causes the infection. In another scenario, the e-mails have an attachment pretending to be an important document, like a receipt or an invoice. Most malicious file formats are executable files (.vbs, .exe, .bat), JavaScript (.js, .wsf) or HTML (.hta, .htm, .html), but users have also reported spotting .lnk files as well as .docx, .xls and .pdf documents that contain malicious scripts embedded within them. This is achieved by adding a so-called malicious macro, which activates if a user clicks the button to enable content for viewing and/or editing.
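The attachment types listed above can be screened before a message reaches the user. The following Python sketch is an added example, not part of the original article: it flags attachments whose final extension is one of the script or executable types named here, names that hide such an extension behind a document extension, and ZIP-based Office files that contain a VBA macro project. The function names, reason labels and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article names as common carriers (script/executable vs. document).
RISKY_EXT = {".vbs", ".exe", ".bat", ".js", ".wsf", ".hta", ".htm", ".html", ".lnk"}
DOC_EXT = {".docx", ".xls", ".pdf"}

def has_vba_project(data: bytes) -> bool:
    """True if a ZIP-based Office file contains a VBA macro project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw_message: bytes) -> dict:
    """Map each attachment name to the reasons it should be held for review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = [s.lower() for s in PurePosixPath(name).suffixes]
        reasons = []
        if ext and ext[-1] in RISKY_EXT:
            reasons.append("risky-extension")
            if len(ext) > 1 and ext[-2] in DOC_EXT:
                reasons.append("document-name-disguise")
        if has_vba_project(data):
            reasons.append("vba-macro")
        findings[name] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed, harmless message: macro-bearing document, plain PDF, disguised script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for name, body in [("invoice.docx", buf.getvalue()), ("notes.pdf", b"%PDF-1.4"),
                       ("receipt.pdf.js", b"// constructed placeholder")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The macro check covers only ZIP-based Office formats; legacy binary files such as .xls need a separate OLE parser.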

Whatever the scenario may be (URL, macros or malicious files), once the infection file is activated it may use malware obfuscators to avoid detection by any firewall or antivirus real-time shield. As soon as it is activated in an obfuscated manner, the Cryptorium infection file may connect to the cyber-criminals' C&C (Command and Control) servers to download the payload of Cryptorium onto the infected computer. The payload files may be located in several different Windows folders under different names.

Cryptorium Ransomware – Post-Infection Analysis

After infection, Cryptorium ransomware may begin to encrypt files by changing blocks of bytes in their structure with a cipher, enough to render the files unopenable. After the encryption, the virus displays a pop-up with the following message:

Oh no, you had bad luck today. All your files are encrypted!
But! I have not deleted them yet! Purchase a “GBO KEY” to decrypt your files.
If not all encrypted files will be permanently deleted within 32h and then there is no way to recover them!
Be quick or no files!
*All servers are down at the moment!
You will have to find it out!
Oh and the gbo keys are all generated randomly! >:] “DECRYPT WITH CODE””

This humorous message aims to mock users for having become victims. It is very serious, however, in stating that the files may be deleted if the payment deadline is not met.

This is why, instead of paying a large ransom fee, it is strongly recommended to focus on removing Cryptorium ransomware yourself and trying to restore the files on your own.

Remove Cryptorium Ransomware and Restore Encrypted Files

To fully remove Cryptorium ransomware, we advise you to follow our removal instructions below. They are designed to get rid of the threat methodically and effectively. However, if you lack the experience to remove the Cryptorium virus manually, experts always recommend using an anti-malware program with advanced removal features for maximum effectiveness and thoroughness.

After removing Cryptorium from your computer, you are advised to back up all encrypted files. Once that is done, it is recommended to try the alternative tools we suggest in step “2. Restore files encrypted by Cryptorium”. These steps are not fully tested, so you may want to try them with copies of the encrypted files. They are a good temporary solution until a decryptor is released by malware researchers; if that happens, we will immediately update this article.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
