Remove PizzaCrypts Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove PizzaCrypts Ransomware and Restore Encrypted Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by PizzaCrypts and other threats.
Threats such as PizzaCrypts may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

STF-pizzacrypts-info-ransomware-pizza-crypts-virus-pizza-encryption

PizzaCrypts is the name of a ransomware virus, which uses the Neutrino exploit kit as the primary distribution method. It encrypts files and wants Bitcoin currency as a ransom payment. The extension this ransomware appends to all encrypted files is .id-[id number][email protected] To remove the ransomware and see how to restore your files, you should read the article till the end.

Threat Summary

NamePizzaCrypts
TypeRansomware
Short DescriptionThe ransomware will encrypt all of your files and show a ransom note, giving out contact emails to be used for communication about the ransom payment.
SymptomsThe ransomware asks for Bitcoins after encryption and puts.id-[id number][email protected] as the extension to each file.
Distribution MethodExploit Kits, Spam Emails, File Sharing Networks
Detection Tool See If Your System Has Been Affected by PizzaCrypts

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss PizzaCrypts.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

PizzaCrypts Ransomware – Infection Spread

PizzaCrypts ransomware is mainly infecting computers through the Neutrino Exploit Kit and possibly some others. The exploit kit usually seeks for older versions of Flash and exploits their vulnerabilities to deliver the payload of the ransomware.

PizzaCrypts might also be spread with spam emails. Emails like that often have some files attached inside. Opening the attachment will trigger the malicious code to infect your computer. Another possibility of a user getting his PC infected could be through social media or file sharing networks. Malicious files might be lurking there as well if the ransomware creators or other criminals have put them there. Avoiding that possibility for infection is doable if you are very careful with what you do on the Internet.

PizzaCrypts Ransomware – Technical Details

PizzaCrypts is a new ransomware that a researcher called Brad has found recently.

The ransomware is named after a part of the extension it places on encrypted files, which is also one of the emails given for contact.

After encryption, the PizzaCrypts ransomware leaves two emails for contact:

The PizzaCrypts ransomware may create the following registry key:

→HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The registry key will enable the ransomware to start at the same time the Windows operating system starts.

You can view a screenshot of the ransom note text file “Pizzacrypts Info.txt” right here:

STF-pizzacrypts-info-ransomware-pizza-crypts-virus-ransom-note

The text form of the ransom note is written below:

Attention!

All your files are encrypted cryptographically strong algorithm!

Decoding is not possible without our help!

In order to start the process of decoding the files, you need to contact us on the below
contacts, attached the example of an

encrypted file:

– Primary email: [email protected]

– Secondary email: [email protected]

– Bitmessage: BM-NBRCUPTenKgYbLVCAfevuHVsHFK6ue2F

How To use Bitmessage see https://www.youtube.com/watch?v=ndqlffqCMaM

We encourage you to contact us for all three contacts!

– Very important:

We recommend to write email us with gmail address, otherwise your email may not reach us !

Do not try to decrypt files by third-party decipherers, otherwise you will spoil files!

From the ransom note, it becomes apparent that the ransomware creators want you to contact them in all three ways they have given and to use a Google mail address. Probably they might delete some of the contact details to cover their tracks, and the emails they use might have block filters for other mail services. The amount you have to pay for file decryption is not stated.

Do not pay the ransom as no guarantee could exist that you will get your data back if you do so. Although the ransom note states that tampering with your files might damage them – this might just be an empty threat. Read on, to find out how you might recover some of your files.

The PizzaCrypts ransomware probably uses some military algorithm for encryption or at least it claims it is a strong one. The file extensions list which the ransomware searches to encrypt is not fully known, but the following file extensions are encrypted:

→.jpeg, .docx, .doc, .jpg, .bmp, .png, .xlsx, .pptx, .rtf, .odt, .ods, .pdf, .ppt, .xls

After the completion of the encrypting process, files on your computer machine will have another extension appended to them – .id-[id number][email protected].

PizzaCrypts ransomware is not reported to delete Shadow Volume Copies from the Windows operating system. Read the article to the end to see how you can try restoring your files.

Remove PizzaCrypts Ransomware and Restore .id-[id number][email protected] Encrypted Files

If your computer system is infected with the PizzaCrypts ransomware, you should have some experience in removing malware. You should get rid of this ransomware as fast as you can before it encrypts more files and distributes further on the network you use. The recommended action for you to take is to remove the ransomware effectively by following the step-by-step instructions manual provided down below.

Note! Your computer system may be affected by PizzaCrypts and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as PizzaCrypts.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove PizzaCrypts follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove PizzaCrypts files and objects
2. Find files created by PizzaCrypts on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by PizzaCrypts

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...