Malware researchers have detected a ransomware virus named Cryptorium. Once it infects a system, the virus immediately encrypts important videos, pictures, audio files and documents. It then displays a Cryptorium pop-up telling the user that a ransom must be paid to receive a “GBO KEY” for file decryption. If you have become a victim of Cryptorium ransomware, we urge you to read this article thoroughly to learn how to remove the ransomware and attempt to recover as many files as possible.
|Short Description||Cryptorium ransomware encrypts user files and leaves e-mail addresses for contacting the criminals behind it and paying the ransom fee.|
|Symptoms||Renders the files on the infected computer unopenable and demands that a ransom be paid.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, only a few of them, depending on the situation and whether or not you have reformatted your drive.|
Cryptorium Ransomware – More Information
To best explain Cryptorium ransomware, we will take you through its infection process methodically, starting with how it spreads.
Cryptorium Ransomware – Distribution
Whatever the scenario, whether via URL, macros or malicious files, once the infection file is activated it may use malware obfuscators to avoid detection by any firewall or antivirus real-time shield. As soon as it is activated in this obfuscated manner, the Cryptorium infection file may connect to the cyber-criminals' C&C (Command and Control) servers to download the payload of Cryptorium onto the infected computer. The payload files may be located in several different Windows folders under different names:
Cryptorium Ransomware – Post-Infection Analysis
After infection, Cryptorium ransomware may begin to encrypt the files by changing blocks of bytes in their structure with a cipher, enough to render the files unopenable. After the encryption, the virus displays a pop-up with the following message:
Oh no, you had bad luck today. All your files are encrypted!
But! I have not deleted them yet! Purchase a “GBO KEY” to decrypt your files.
If not all encrypted files will be permanently deleted within 32h and then there is no way to recover them!
Be quick or no files!
*All servers are down at the moment!
You will have to find it out!
Oh and the gbo keys are all generated randomly! >:] “DECRYPT WITH CODE””
This humorous message aims to mock the users for having become victims. It is very serious, however, in its statement that the files may be deleted if the payment deadline is not met.
This is why, instead of paying a large ransom fee, it is strongly recommended to focus on removing Cryptorium ransomware yourself and trying to restore the files on your own.
Remove Cryptorium Ransomware and Restore Encrypted Files
In order to fully remove Cryptorium ransomware, we advise you to follow our removal instructions below. They are designed to get rid of the threat methodically and effectively. However, if you lack the experience to remove Cryptorium virus manually, experts always recommend using an anti-malware program with advanced removal features for maximum effectiveness and thoroughness.
After removing Cryptorium from your computer, we advise you to back up all files that are encrypted. After doing this, it is recommended to try the alternative tools we suggest in step “2. Restore files encrypted by Cryptorium”. These steps are not fully tested, so you may want to try them with copies of the encrypted files. They are a good temporary solution until a decryptor is released by malware researchers; if that happens, we will immediately update this article.
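Before backing up the encrypted files as advised above, it helps to know which files were actually altered. The following read-only inventory script is an added example, not part of the original article or any vendor tool; it assumes the altered blocks include the start of each file, so a file whose header was left untouched will not be listed, and the signature table is an illustrative selection.

```python
import os

# Leading "magic" bytes for file types the article lists as targets
# (pictures, documents, audio, video). The selection is illustrative.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    ".wav": [b"RIFF"],
    ".avi": [b"RIFF"],
}


def header_intact(path):
    """True/False for a known extension, None when the type is not in the table."""
    signatures = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if signatures is None:
        return None
    with open(path, "rb") as handle:
        head = handle.read(16)
    return any(head.startswith(sig) for sig in signatures)


def find_altered(root):
    """Walk root read-only and list files whose header no longer fits their extension."""
    altered = []
    for folder, _subdirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if header_intact(path) is False:
                    altered.append(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the scan
    return sorted(altered)


if __name__ == "__main__":
    import sys
    for hit in find_altered(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against a folder path and save the printed list; it gives you the set of files to copy before trying any recovery tool on them.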