Cry Ransomware

What is Cry Ransomware?

Cry Ransomware will probably make you want to cry when you realize what just hit you. This malware infection pretends to be an official strike against your files; at least, that is why the criminals behind it may use an official-looking logo on their website. This ransomware encrypts your files within a very short time frame and shocks you with its lengthy ransom note. Since there is no free decryption software available on the net as of yet, there is really no other way for you to save your files than paying the fee to these criminals; unless, of course, you have a recent backup copy of your files saved on an external hard disk of some sort. According to our malware specialists at, it is always risky to pay up because there is no guarantee that these crooks will really send you the private key and decryption tool. This is a hard decision for you to make. But, if you want to make sure that your PC is safe for you to use again, you should not hesitate to remove Cry Ransomware. Let us tell you in more detail how this dangerous threat can show up on your system and how you could protect your computer from similar infections.testtesttest

Where does Cry Ransomware come from?

Just like most similar threats, including Nullbyte Ransomware, Ransomware, and Ransomware, this infection has also been mainly found spreading via spam e-mail campaigns as a malicious attached file. This attachment may look like a video, an image, a .zip archive, or even a text document, but you should know that it is indeed an executable malicious file. Before you see this file at all, however, you need to open this spam mail. Although you may think you would never be tricked into opening such a mail, you should know that criminals nowadays are very tricky and sophisticated when it comes to fooling people as well as spam filters.

They can use entirely believable sender e-mail addresses and convincing subjects that would make you want to open them right away. The body of such a mail can contain a simple text again convincing you about the importance of downloading and opening the attached file; however, there could also be a hyper link in the text that could also initiate the attack or drop the infection onto your computer. This attached file may be posing as an overdue invoice, or a document proving wrong credit card details you may have used to book a room in a hotel, and similar issues that would catch your eyes right there and then. It takes only a few clicks and you could infect your system with a beast like this. But you should know that removing Cry Ransomware after it has finished its job will not bring your files back. This is why you need to be more cautious next time you open your inbox.

What does Cry Ransomware do?

After you activate this vicious program by opening the downloaded file, it targets your documents, audio and image files as well as other program files in the %Homedrive%, %Allusersprofile%, and %Public% directories. This infection claims to use the RSA-4096 algorithm to generate a unique and impossible-to-decipher type of private key for your computer. Without this key it is virtually impossible to recover your files. Our researchers have not managed to find any tools on the web yet that could help you with this. Once this ransomware finishes its job, it displays an .html file on your screen, which is dropped in your %Temp% directory. This file contains the ransom note, which, in this case, seems to be quite long. There are instructions and details for you to understand what just happened to your files and how you can recover them. You have to check one of three given websites that were set up personally for you and you can enter these with the unique ID this ransom note provides you.

When you visit this website, you are presented with an official-looking site that seems to represent an authority called “Central Security Treaty Organization Department of pre-trial settlement,” whose logo you can find in the top-left corner of the page. This trick used to be used by criminals to scare inexperienced computer users to make sure they would be willing to pay the demanded ransom fee. This fee is $93 this time that has to be transferred to a Bitcoin wallet within 4 days. If you fail to do so, the amount will be raised to $186. We cannot state that these criminals will not keep their word and you will not be able to recover your files even if you pay. They even offer you to decrypt a file through this website to prove that they actually have the necessary private key and tool to do so. But even if this might seem like the only choice for you to have your files back, you should still be careful. What if these crooks have to shut down their Command and Control server and the connection between your PC and this server will cease? How do you think your files will be decrypted? And this is a scenario that can happen quite often.

An alternative option, of course, is to have a recent backup copy on an external storage, which you can transfer back to your PC. Ransomware infections are really good teachers for us to become more cautious and make regular backups. But even if you have your clean files, the first thing you have to do before starting to copy them back is to remove Cry Ransomware.

How can I delete Cry Ransomware?

In order to secure your computer, you need to delete a number of files related to this attack. But this is really not that complicated compared to the damage this beast has done to your files. Please follow our instructions below to clean this ugly threat from your computer without leftovers. Keep in mind that this will not recover your files. If you decide to pay the fee, do not delete Cry Ransomware just yet because that could make the file recovery impossible. Protecting your virtual world is very important as you can see now. This attack reminds us all to be more cautious. If you are tired of being invaded by malicious programs and manually hunting them down, maybe it is time for you to step up and install a proper anti-malware program to safeguard your computer.

Remove Cry Ransomware from Windows

  1. Tap Win+E to launch File Explorer.
  2. Locate and delete the downloaded malicious file.
  3. Bin the following files (* = random name):
    %ALLUSERSPROFILE%\Start Menu\Programs\*.lnk
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\*.lnk
  4. Empty your Recycle Bin.
  5. Restart your PC.
100% FREE spyware scan and
tested removal of Cry Ransomware*

Leave a Comment

Enter the numbers in the box to the right *