
Remove PizzaCrypts Ransomware and Restore Encrypted Files


PizzaCrypts is a ransomware virus that uses the Neutrino exploit kit as its primary distribution method. It encrypts files and demands payment in Bitcoin as ransom. The extension this ransomware appends to all encrypted files is .id-[id number]. To remove the ransomware and see how to restore your files, read the article to the end.

Threat Summary

Short Description: The ransomware will encrypt all of your files and show a ransom note, giving out contact emails to be used for communication about the ransom payment.
Symptoms: The ransomware asks for Bitcoins after encryption and appends .id-[id number] as the extension to each file.
Distribution Method: Exploit Kits, Spam Emails, File Sharing Networks

PizzaCrypts Ransomware – Infection Spread

PizzaCrypts ransomware mainly infects computers through the Neutrino Exploit Kit and possibly some others. The exploit kit usually looks for older versions of Flash and exploits their vulnerabilities to deliver the ransomware payload.

PizzaCrypts might also be spread through spam emails. Such emails often carry file attachments, and opening the attachment triggers the malicious code that infects your computer. A PC could also get infected through social media or file sharing networks, where malicious files might be lurking if the ransomware creators or other criminals have put them there. You can avoid that route of infection by being very careful with what you do on the Internet.

PizzaCrypts Ransomware – Technical Details

PizzaCrypts is a new ransomware that a researcher called Brad has found recently.

The ransomware is named after a part of the extension it places on encrypted files, which is also one of the emails given for contact.

After encryption, the PizzaCrypts ransomware leaves two emails for contact:


The PizzaCrypts ransomware may create the following registry key:


The registry key will enable the ransomware to start at the same time the Windows operating system starts.

You can view a screenshot of the ransom note text file “Pizzacrypts Info.txt” right here:


The text form of the ransom note is written below:


All your files are encrypted cryptographically strong algorithm!

Decoding is not possible without our help!

In order to start the process of decoding the files, you need to contact us on the below
contacts, attached the example of an

encrypted file:

– Primary email:

– Secondary email:

– Bitmessage: BM-NBRCUPTenKgYbLVCAfevuHVsHFK6ue2F

How To use Bitmessage see

We encourage you to contact us for all three contacts!

– Very important:

We recommend to write email us with gmail address, otherwise your email may not reach us !

Do not try to decrypt files by third-party decipherers, otherwise you will spoil files!

From the ransom note, it is apparent that the ransomware creators want you to contact them through all three channels they have given and to use a Google mail address. They might delete some of the contact details to cover their tracks, and the email accounts they use might filter out messages from other mail services. The amount you have to pay for file decryption is not stated.

Do not pay the ransom, as there is no guarantee that you will get your data back if you do. Although the ransom note states that tampering with your files might damage them, this might just be an empty threat. Read on to find out how you might recover some of your files.

The PizzaCrypts ransomware probably uses a military-grade encryption algorithm, or at least it claims to use a strong one. The full list of file extensions that the ransomware searches for is not known, but the following file extensions are encrypted:

.jpeg, .docx, .doc, .jpg, .bmp, .png, .xlsx, .pptx, .rtf, .odt, .ods, .pdf, .ppt, .xls

After the encryption process completes, files on your computer will have another extension appended to them: .id-[id number].

PizzaCrypts ransomware is not reported to delete Shadow Volume Copies from the Windows operating system. Read the article to the end to see how you can try restoring your files.
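The file-name marker and the ransom note name described above are enough to scope the damage before any restore attempt. The following is an added example, not code from the original article: it walks a directory tree and inventories files that carry the appended .id- marker after one of the listed extensions. The article does not give the format of the id number, so the pattern treats everything after ".id-" as the id, which is an assumption; the function names are hypothetical.

```python
import os
import re
from collections import Counter

# Extensions the article lists as encrypted (the full target list is not known).
TARGET_EXTS = ("jpeg", "docx", "doc", "jpg", "bmp", "png", "xlsx", "pptx",
               "rtf", "odt", "ods", "pdf", "ppt", "xls")
NOTE_NAME = "pizzacrypts info.txt"  # ransom note file name given in the article

# Assumption: the suffix starts with ".id-" and runs to the end of the name;
# the article does not describe the format of the id number.
MARKED = re.compile(
    r"^(?P<original>.+\.(?:%s))\.id-(?P<victim_id>.+)$" % "|".join(TARGET_EXTS),
    re.IGNORECASE,
)

def classify(filename):
    """Return (original_name, victim_id) for a marked file, else None."""
    m = MARKED.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None

def scan(root):
    """Walk root and collect marked files, ransom notes and per-extension counts."""
    report = {"encrypted": [], "notes": [], "by_ext": Counter(), "ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(full)
                continue
            hit = classify(name)
            if hit:
                original, victim_id = hit
                # Keep the original name so restored copies can be matched up.
                report["encrypted"].append((full, original))
                report["by_ext"][os.path.splitext(original)[1].lower()] += 1
                report["ids"].add(victim_id)
    return report

if __name__ == "__main__":
    import sys
    r = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("ransom notes:", len(r["notes"]), "| marked files:", len(r["encrypted"]))
    for ext, n in r["by_ext"].most_common():
        print(f"  {ext}: {n}")
    print("distinct id values:", sorted(r["ids"]))
```

Run it read-only against a copy or a mounted image of the affected disk; the list of original names it produces tells you which files to look for in backups or Shadow Volume Copies.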

Remove PizzaCrypts Ransomware and Restore .id-[id number] Encrypted Files

If your computer system is infected with the PizzaCrypts ransomware, you should have some experience in removing malware. You should get rid of this ransomware as fast as you can, before it encrypts more files and spreads further on the network you use. The recommended action is to remove the ransomware by following the step-by-step instructions provided below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
