Remove Cryptorium Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum |

Remove Cryptorium Ransomware and Restore Encrypted Files

This material is created to show you how to properly delete Cryptorium Ransomware virus and restore your encrypted files.

A ransomware virus has been detected by malware researchers, carrying the name Cryptorium. When it infects a system, the virus immediately causes encryption to videos, pictures, audio files and documents that are important. The virus then displays a Cryptorium pop-up explaining to the user that a ransom must be paid to receive a “GBO KEY” for file decryption. In case you have become an unfortunate victim of Cryptorium ransomware, we urge you to read this article thoroughly in order to learn how to remove the ransomware and attempt to recover as many files as possible.

Threat Summary



Short DescriptionCryptorium ransomware encrypts user files and leaves as contact e-mail addresses to contact the criminals behind it and pay the ransom fee.
SymptomsRenders the files on the infected computer no longer openable and asks a ransom to be paid.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Cryptorium


Malware Removal Tool

User ExperienceJoin our forum to Discuss Cryptorium.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Cryptorium Ransomware – More Information

In order to best explain about Cryptorium ransomware, we will take you through the infection process by this ransomware methodologically, starting with how it spreads.

Cryptorium Ransomware – Distribution

To cause an infection, Cryptorium ransomware may target different areas. The primary target for viruses like Cryptorium are e-mails, since most inexperienced users may fall for a socially engineered phishing e-mail. Usually such e-mails are embedded with either malicious web links that redirect to a script that causes the infection. Another scenario is if those e-mails have an e-mail attachment pretending to be an important document, like a receipt or an invoice. Most malicious file formats are executable files (.vbs, .exe, .bat), JavaScript (.js, wsf) or HTML (.hta, .htm, .html), but users have also reported spotting .lnk files and .docx or .xls as well as .pdf types of documents that contain malicious scripts embedded within them. This is achievable by adding a so-called malicious macro, which activates if a user clicks on the button to enable content for viewing and/or editing:

Whatever the scenario may be, via URL, macros or malicious files, once the infection file is activated it may use malware obfuscators to avoid any firewall or antivirus real-time shield detection. As soon as it is activated in an obfuscated manner the Cryptorium infection file may connect to the cyber-criminals C&C (Command and Control) servers to download the payload of Cryptorium onto the infected computer. The payload files may be located on several different Windows folders under a different name:

Cryptorium Ransomware – Post-Infection Analysis

After infection, Cryptorium ransomware may begin to encrypt the files changing blocks of bytes of their structure with a cipher, enough to render the files no longer openable. After the encryption the virus displays a pop-up with the following message:

Oh no, you had bad luck today. All your files are encrypted!
But! I have not deleted them yet! Purchase a “GBO KEY” to decrypt your files.
If not all encrypted files will be permanently deleted within 32h and then there is no way to recover them!
Be quick or no files!
*All servers are down at the moment!
You will have to find it out!
Oh and the gbo keys are all generated randomly! >:] “DECRYPT WITH CODE””

This humorous message aims to mock the user that he has become victims. It is very serious however in the statement that It may cause deletion of the files if a deadline for payment is not met.

This is why instead of having to pay a large ransom fee, it is strongly recommended to focus on removing Cryptorium ransomware by yourself and trying to restore the files on your own.

Remove Cryptorium Ransomware and Restore Encrypted File

In order to fully remove Cryptorium ransomware, we advise you to follow our removal instructions below. They are created to methodologically get rid of the threat effectively. However, if you lack the experience to remove Cryptorium virus manually, experts always recommend using an anti-malware program with advanced removal features for maximum effectiveness and thoroughness.

After having removed Cryptorium from your computer, advices are to backup all files that are encrypted. After having done this, it is recommended to try using the alternative tools we suggested In step “2. Restore files encrypted by Cryptorium”. These steps are not fully tested, so you may want to try them with copies of the encrypted files. They are a good temporary solution until a decryptor is released by malware researchers, which, if happens we will immediately update this article.

Manually delete Cryptorium from your computer

Note! Substantial notification about the Cryptorium threat: Manual removal of Cryptorium requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Cryptorium files and objects
2.Find malicious files created by Cryptorium on your PC

Automatically remove Cryptorium by downloading an advanced anti-malware program

1. Remove Cryptorium with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Cryptorium
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share