.crypted_pony Files Virus (Pony) – How to Remove It

.crypted_pony Files Virus (Pony) – How to Remove It

This blog post aims to explain what is the .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx file extension and how you can remove the Crypted_pony ransomware virus from your computer effectively.

A new version of what appears to be Pony ransomware has been detected in the widl. The virus appears to use an immensely long file extension which it adds upon file encrytpion – .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx. The virus also adds a long-named ransom note too, called IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.HTML.. The ransom note contains a ransom message that aims to convince victims to pay ransom in order to get their files to work once again. If your computer has been infected by the .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx files version of Pony ransomware, we suggest that you read the article underneath.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionAimed at encrypting the files and rendering them unusable until the victim pays ransom.
SymptomsFiles are encrypted and cannot be opened and a ransom note, called IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.HTML is dropped.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .crypted_pony


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .crypted_pony.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Pony Ransomware – Distribution Methods

The main methods by which Pony ransomware could be spread onto the victim computers is believed to be conducted via e-mails that contain e-mail attachments embedded in them, usually pretending to be:

  • Receipts.
  • Invoices.
  • Pictures.
  • Banking documents.
  • Power point presentations.

In addition to e-mails, the Pony .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx ransomware variant may be spread via multiple different types of methods, including uploading the malicious files of this malware on websites, where they pose as:

  • Cracks of software.
  • License activators for programs.
  • Key generators for various types of software.
  • Portable program variants.

Beware, since the crooks behind this malware go through great extent to conceal the files from your antivirus software, making it very difficult to avoid detection.

.crypted_pony Files Virus – More Information

Once your computer has been compromised by the .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx file ransomware, the first thing that you should be able to see is the ransom note of the virus, which appears like the following:

Once the .crypted_pony files virus compromised your computer’s defences, the malware may drop it’s payload, which may be located in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

In addition to this, the .crypted_pony virus may also interfere with the Run and RunOnce registry keys of Windows, located in the following directories:


In addition to this, the .crypted_pony ransomware may also delete the shadow copies on the computers, compromised by it by obtaining administrative privileges and running the following commands in Windows Command Prompt as an administrator:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\System32\cmd.exe” /C vssadmin.exe Delete Shadows /All /Quiet

Besides this, Pony ransomware may also be type of the Pony Loader(https://sensorstechforum.com/macro-based-bartalex-malware-spreads-pony-loader-and-dyre-trojan/) threat, which is known to collect information from the infected computers and also perform mining activities and cryptocurrency theft from infected machines. And since it may have Trojan components, the Pony ransomware may perform the following actities:

  • Obtain administrator permissions.
  • Obtain language and regional settings.
  • Steal files.
  • Obtain read and write permissions.
  • Obtain system and network information from your computer.

Pony Ransomware – Encryption Process

The encryption process of pony ransomware is done with the aid of an advanced encryption mode, which renders files no longer able to be used until they are decrypted. The files that are eligible for encryption by the .crypted_pony ransomware are believed to be the following:

  • Image file types.
  • Document file types.
  • Adobe Photoshop file types.
  • Video file types.
  • Audio file types.
  • Archive file types.
  • Other often used files.

Once the encryption commences, the ransomware may leave the files looking like the following:

Remove Pony Ransomware and Try Restoring Your Files

If you want to make sure that this ransomware virus is completely gone from your computer, we would suggest that you follow the removal instructions that are underneath this article. They have been created to help you delete all traces of Pony Ransomware either manually or automatically from your computer. According to security experts, the most recommended removal strategy against the .crypted_pony ransomware is to remove it by scanning your computer with an advanced malware removal software, since it will check each part of your PC for the malicious objects of this ransomware and remove them fully, plus ensure future protection as well.

In addition to this, if you want to try and recover files, encrypted by the .crypted_pony ransomware virus, we would strongly recommend that you try the file recovery instructions underneath this article. They have been created with the main goal to help you to try and restore files, encrypted by this ransomware virus, but they may not be 100% effective to recover all of the encrypted files.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share