Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove PizzaCrypts Ransomware and Restore Encrypted Files

STF-pizzacrypts-info-ransomware-pizza-crypts-virus-pizza-encryption

PizzaCrypts is the name of a ransomware virus, which uses the Neutrino exploit kit as the primary distribution method. It encrypts files and wants Bitcoin currency as a ransom payment. The extension this ransomware appends to all encrypted files is .id-[id number][email protected] To remove the ransomware and see how to restore your files, you should read the article till the end.

Threat Summary

NamePizzaCrypts
TypeRansomware
Short DescriptionThe ransomware will encrypt all of your files and show a ransom note, giving out contact emails to be used for communication about the ransom payment.
SymptomsThe ransomware asks for Bitcoins after encryption and puts.id-[id number][email protected] as the extension to each file.
Distribution MethodExploit Kits, Spam Emails, File Sharing Networks
Detection Tool See If Your System Has Been Affected by PizzaCrypts

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss PizzaCrypts.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

PizzaCrypts Ransomware – Infection Spread

PizzaCrypts ransomware is mainly infecting computers through the Neutrino Exploit Kit and possibly some others. The exploit kit usually seeks for older versions of Flash and exploits their vulnerabilities to deliver the payload of the ransomware.

PizzaCrypts might also be spread with spam emails. Emails like that often have some files attached inside. Opening the attachment will trigger the malicious code to infect your computer. Another possibility of a user getting his PC infected could be through social media or file sharing networks. Malicious files might be lurking there as well if the ransomware creators or other criminals have put them there. Avoiding that possibility for infection is doable if you are very careful with what you do on the Internet.

PizzaCrypts Ransomware – Technical Details

PizzaCrypts is a new ransomware that a researcher called Brad has found recently.

The ransomware is named after a part of the extension it places on encrypted files, which is also one of the emails given for contact.

After encryption, the PizzaCrypts ransomware leaves two emails for contact:

  • [email protected]
  • [email protected]

The PizzaCrypts ransomware may create the following registry key:

→HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The registry key will enable the ransomware to start at the same time the Windows operating system starts.

You can view a screenshot of the ransom note text file “Pizzacrypts Info.txt” right here:

STF-pizzacrypts-info-ransomware-pizza-crypts-virus-ransom-note

The text form of the ransom note is written below:

Attention!

All your files are encrypted cryptographically strong algorithm!

Decoding is not possible without our help!

In order to start the process of decoding the files, you need to contact us on the below
contacts, attached the example of an

encrypted file:

– Primary email: [email protected]

– Secondary email: [email protected]

– Bitmessage: BM-NBRCUPTenKgYbLVCAfevuHVsHFK6ue2F

How To use Bitmessage see https://www.youtube.com/watch?v=ndqlffqCMaM

We encourage you to contact us for all three contacts!

– Very important:

We recommend to write email us with gmail address, otherwise your email may not reach us !

Do not try to decrypt files by third-party decipherers, otherwise you will spoil files!

From the ransom note, it becomes apparent that the ransomware creators want you to contact them in all three ways they have given and to use a Google mail address. Probably they might delete some of the contact details to cover their tracks, and the emails they use might have block filters for other mail services. The amount you have to pay for file decryption is not stated.

Do not pay the ransom as no guarantee could exist that you will get your data back if you do so. Although the ransom note states that tampering with your files might damage them – this might just be an empty threat. Read on, to find out how you might recover some of your files.

The PizzaCrypts ransomware probably uses some military algorithm for encryption or at least it claims it is a strong one. The file extensions list which the ransomware searches to encrypt is not fully known, but the following file extensions are encrypted:

→.jpeg, .docx, .doc, .jpg, .bmp, .png, .xlsx, .pptx, .rtf, .odt, .ods, .pdf, .ppt, .xls

After the completion of the encrypting process, files on your computer machine will have another extension appended to them – .id-[id number][email protected].

PizzaCrypts ransomware is not reported to delete Shadow Volume Copies from the Windows operating system. Read the article to the end to see how you can try restoring your files.

Remove PizzaCrypts Ransomware and Restore .id-[id number][email protected] Encrypted Files

If your computer system is infected with the PizzaCrypts ransomware, you should have some experience in removing malware. You should get rid of this ransomware as fast as you can before it encrypts more files and distributes further on the network you use. The recommended action for you to take is to remove the ransomware effectively by following the step-by-step instructions manual provided down below.

Manually delete PizzaCrypts from your computer

Note! Substantial notification about the PizzaCrypts threat: Manual removal of PizzaCrypts requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove PizzaCrypts files and objects.
2. Find malicious files created by PizzaCrypts on your PC.
3. Fix registry entries created by PizzaCrypts on your PC.

Automatically remove PizzaCrypts by downloading an advanced anti-malware program

1. Remove PizzaCrypts with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by PizzaCrypts in the future
3. Restore files encrypted by PizzaCrypts
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.