C4H Ransomware

What is C4H Ransomware?

Do you believe that C4H Ransomware has invaded your Windows operating system and corrupted your personal files? That is very easy to figure out because once this infection encrypts files, it attaches the “.C4H” extension to their names. This extension is added as a mere marker, and even if you delete it from the files’ names, they will not be restored. Some victims might rush to remove C4H Ransomware to restore their files, and while this threat must be eliminated from the infected systems, the files cannot be recovered in that way. In fact, we do not know if your files can be recovered at all. Perhaps you can find and employ a legitimate third-party decryptor, but you certainly do not want to trust cybercriminals to help you. They promote their own decryptor in return for money, but they are unlikely to give you anything once you send the payment. Needless to say, this is a tricky situation, but we hope that we will be able to help you untangle the mess.

How does C4H Ransomware work?

C4H Ransomware is a dangerous threat, but it is not a unique threat. In fact, it is just a new variant of the infamous Globeimposter Ransomware, just like Taargo Ransomware, Ox4444 Ransomware, and other well-known threats. There is a free Globeimposter decryption tool, but we cannot promise that you will be able to recover all personal files using it. Of course, if you do not have copies of the encrypted files that you could use as replacements, employing the free decryptor might be your only option. Do you have copies of the encrypted files stored somewhere safe? If you do, delete C4H Ransomware, secure your Windows operating system, and then replace the corrupted files with their healthy copies. In the future, always create copies and store them online or on external drives to ensure that you always have a backup. Unfortunately, if you do not have backups, and if you cannot employ the free Globeimposter decryptor successfully, you might be tempted to just follow the demands of cybercriminals.

“Decryption INFO.html” is the only file that C4H Ransomware drops, according to our Anti-Spyware-101.com researchers. This file can be found in the %HOMEDRIVE% directory, and the message inside informs you that you need to contact the attackers. It states that a “decryptor” exists, and that you should send a unique ID number to chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc if you want to learn how to pay for it. The sum of the ransom is not disclosed, and it is not clear how you are supposed to pay it. Most likely, the attackers would instruct you to pay it in Bitcoins to their anonymous Bitcoin Wallet. Even though the attackers can decrypt one file for free, that does not mean that they would assist you with the decryption of the remaining files. This is just a trick to get your money, and if you give in, you are unlikely to receive anything in return. So, unless you want to waste your savings, we suggest paying no attention to the ransom message introduced by C4H Ransomware.

How to remove C4H Ransomware

Hopefully, you can delete C4H Ransomware knowing that you will be able to replace the corrupted files with healthy copies. That is possible only if copies exist somewhere safe, which could be an external drive or a virtual drive (e.g., Google Drive, Dropbox, iCloud, etc.). First, you must remove the infection. We cannot know its exact location on your operating system because that depends on how this malware got into your operating system. Was it dropped by another infection that also requires removal? Did you execute it by opening a spam email attachment? Did cybercriminals exploit RDP vulnerabilities to drop the file? If you are unable to figure out where the launcher is, we suggest leaving the removal of C4H Ransomware in the hands of professional anti-malware software. A quick and complete removal of malware is not the only reason to install it. This software also can provide you with full-time protection.

Removal Instructions

  1. Launch File Explorer by tapping Win+E keys.
  2. Enter %HOMEDRIVE% into the field at the top.
  3. Delete the file named Decryption INFO.html.
  4. Enter these paths into the field at the top to, hopefully, find and delete malware files:
    • %TEMP%
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
  5. Exit File Explorer and then Empty Recycle Bin.
  6. Install a trusted malware scanner to check your system for any leftovers.
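
An added example, not part of the original article: a small Python script that inventories what the steps above look for, so you know which files to restore from backup before cleaning up. It assumes the “.C4H” marker and the “Decryption INFO.html” note name given on this page; scanning the listed folders recursively is a choice made for this example, and the function names are hypothetical.

```python
import os

MARKER = ".c4h"                     # marker extension named on the page
NOTE_NAME = "decryption info.html"  # ransom note file name named on the page

def default_roots():
    """Folders listed in the removal steps, read from the Windows environment."""
    env = os.environ
    roots = [env.get("HOMEDRIVE", "C:") + os.sep, env.get("TEMP")]
    profile = env.get("USERPROFILE")
    if profile:
        roots += [os.path.join(profile, d) for d in ("Desktop", "Downloads")]
    return [r for r in roots if r]

def triage(roots):
    """Return (ransom_notes, [(marked_path, original_name), ...]) found under roots."""
    notes, marked, seen = [], [], set()
    for root in roots:
        # onerror swallows permission errors so one locked folder does not stop the scan
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                full = os.path.join(dirpath, name)
                key = os.path.normcase(os.path.abspath(full))
                if key in seen:      # roots overlap (e.g. %TEMP% sits under %HOMEDRIVE%)
                    continue
                seen.add(key)
                low = name.lower()   # Windows file names are case-insensitive
                if low == NOTE_NAME:
                    notes.append(full)
                elif low.endswith(MARKER) and len(name) > len(MARKER):
                    # Dropping the marker gives the name to look for in a backup;
                    # renaming the file does not decrypt it.
                    marked.append((full, name[: -len(MARKER)]))
    return notes, marked

def report(roots):
    """Print a restore checklist and return the same data for further use."""
    notes, marked = triage(roots)
    for path in notes:
        print(f"ransom note: {path}")
    for path, original in marked:
        print(f"encrypted:   {path} -> restore '{original}' from backup")
    print(f"{len(notes)} note(s), {len(marked)} encrypted file(s)")
    return notes, marked

if __name__ == "__main__":
    report(default_roots())
```

The script only lists files; it deletes and changes nothing, so it can be run before and after the cleanup to compare results.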
