Cry36 Ransomware

What is Cry36 Ransomware?

The Cry36 ransomware is an infection that locks you out of your system and holds your files hostage until you pay the ransom. The sad truth is that, even after the money is paid, the encrypted files are very likely to remain inaccessible. The Cry36 ransomware should be treated as a serious security issue, so we encourage you to take action and remove it from the computer.

The Cry36 ransomware is part of a ransomware family that also includes similar infections dubbed Cry9, Cry128, Dharma, and Crypton, also known as Nemesis. All these Trojan horses share similar characteristics; however, each of them also has distinctive features of its own. One of them is that the Cry36 ransomware makes encrypted files bigger than their original copies. Research on the ransomware has revealed that the infection increases the size of each affected file by 36 bytes. Alongside this characteristic, there are several more, and interested readers are encouraged to continue reading to get a view of how this nasty piece of malware works.

How does the Cry36 ransomware work?

Once the Cry36 ransomware gets onto the computer, it scans the partitions of your hard disk for certain file extensions. Research has not shown that this particular threat is capable of encrypting a substantial range of file types, but it does encrypt the most commonly used ones, such as .doc, .mp4, .png, .ppt, etc. Encrypted files are typically marked by an extra extension made up of several characters that carry meaning. The extensions Cry36 creates vary from computer to computer. A Cry36 extension includes the identification code of the computer, an email address that is likely related to the hackers behind the threat, and a string of 5 characters consisting of digits and letters. For example, the extension may look like id-2559797930_[mk.smoke@aol.com].a97rq. The email address may differ each time, as the facts provided by victims suggest that several different emails are in use. Very similar extensions using the same email address, mk.smoke@aol.com, were noticed when analyzing the Wallet ransomware, which later switched to the extension .onion.

Once encryption is complete, the threat drops a .txt file named "### DECRYPT ME FILES ###". The file tells the victim what steps to take to have the encrypted data restored: download the Tor browser and access a website given in the message. The website opens a chat window, where the attackers give further instructions once the victim has supplied the affected computer's ID. Unlike many other ransomware infections, Cry36 does not state the sum requested in the ransom message. Typically, a victim is asked to purchase a certain amount of bitcoins and send it to a given address; in the present case, the attackers instruct the victim only to install the browser and contact them for more details.
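The three observable traits described above (the appended id-<computer id>_[<email>].<5 characters> extension, the "### DECRYPT ME FILES ###" note, and the 36-byte growth of each encrypted file) can be checked mechanically over a file listing. The script below is an added example written for this article, not a tool from Anti-Spyware-101.com or from the ransomware's analysts. It assumes the marker is appended after the file's original extension, that the computer id is decimal as in the article's sample, and that the note keeps its name as a .txt file; the sample listing and sizes are constructed.

```python
"""Added example, not from the article: recognise Cry36 artefacts in a file listing."""
import os
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Assumptions (not stated by the article): the marker follows the original extension,
# the computer id is decimal as in the sample, and the 5-char tail is letters/digits.
CRY36_NAME_RE = re.compile(
    r"^(?P<stem>.+?)(?:\.(?P<orig_ext>[^.]+))?"
    r"\.id-(?P<victim_id>\d+)_\[(?P<email>[^\]]+)\]\.(?P<tail>[A-Za-z0-9]{5})$"
)
RANSOM_NOTE_PREFIX = "### DECRYPT ME FILES ###"  # dropped as a .txt file
CRY36_SIZE_DELTA = 36                            # bytes added per encrypted file


def parse_cry36_name(name: str) -> Optional[Dict[str, str]]:
    """Return the id/email/tail fields of a Cry36-style name, or None if it does not match."""
    m = CRY36_NAME_RE.match(name)
    if m is None:
        return None
    fields = m.groupdict()
    ext = fields.get("orig_ext")
    fields["original_name"] = fields["stem"] + ("." + ext if ext else "")
    return fields


def is_ransom_note(name: str) -> bool:
    return name.startswith(RANSOM_NOTE_PREFIX)


def size_delta_consistent(original_size: int, encrypted_size: int) -> bool:
    """True when the encrypted copy is exactly 36 bytes larger than the original."""
    return encrypted_size - original_size == CRY36_SIZE_DELTA


def summarize_listing(entries: Iterable[Tuple[str, int]],
                      original_sizes: Optional[Dict[str, int]] = None) -> dict:
    """Summarise (name, size) pairs; original_sizes (e.g. a backup index) is optional."""
    original_sizes = original_sizes or {}
    hits: List[dict] = []
    note_present = False
    size_consistent = 0
    for name, size in entries:
        if is_ransom_note(name):
            note_present = True
            continue
        fields = parse_cry36_name(name)
        if fields is None:
            continue
        hits.append(fields)
        orig = original_sizes.get(fields["original_name"])
        if orig is not None and size_delta_consistent(orig, size):
            size_consistent += 1
    return {
        "encrypted_files": len(hits),
        "victim_ids": sorted({h["victim_id"] for h in hits}),
        "emails": sorted({h["email"] for h in hits}),
        "ransom_note_present": note_present,
        "size_delta_consistent": size_consistent,
    }


def directory_entries(path: str) -> Iterable[Tuple[str, int]]:
    """Yield (name, size) for regular files in one directory, for use on a real host."""
    with os.scandir(path) as it:
        for entry in it:
            if entry.is_file(follow_symlinks=False):
                yield entry.name, entry.stat(follow_symlinks=False).st_size


# Constructed sample listing; the sizes are invented to illustrate the 36-byte check.
SAMPLE_LISTING = [
    ("budget.xlsx.id-2559797930_[mk.smoke@aol.com].a97rq", 40996),
    ("holiday.png.id-2559797930_[mk.smoke@aol.com].a97rq", 120036),
    ("notes.txt", 512),
    ("### DECRYPT ME FILES ###.txt", 1200),
]
SAMPLE_ORIGINAL_SIZES = {"budget.xlsx": 40960, "holiday.png": 120000}

if __name__ == "__main__":
    print(summarize_listing(SAMPLE_LISTING, SAMPLE_ORIGINAL_SIZES))
```

On a real machine, feed `directory_entries(path)` to `summarize_listing`; the size check only fires when you have the original sizes from somewhere else (a backup index, a file inventory), since the ransomware does not leave the originals behind.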

How to prevent Cry36 and other ransomware?

There are multiple ways for ransomware infections to get onto a computer. If no reliable security program is running on the PC, an infection can get in via email attachments, bundled downloads, and malicious links. Ransomware, like other types of malware, can spread via phishing emails containing a download button or a link that leads to the infection. For this reason, it is crucial to ignore questionable emails or to contact the sender to find out whether the email is genuine. Browsing freeware sharing websites and downloading questionable programs may also have unwanted consequences. Our team at Anti-Spyware-101.com advises using reputable security programs so that you do not have to worry about malware removal and other security-related issues.

How to remove the Cry36 ransomware?

Removing the Cry36 ransomware is extremely important so that it does not become the cause of further malware installation and system malfunctions. You can try removing the infection manually using our removal guide below, but you can always choose to have the Cry36 ransomware removed for you by our recommended security program. If you are dealing with the Cry36 Trojan, your operating system needs protection, so do not hesitate to implement a tool that can scan the computer and remove different types of threats for good.

Remove the Cry36 ransomware

  1. Delete the file launching the Cry36 ransomware from the Downloads or Temp folder.
  2. Access the %APPDATA% directory and remove malicious files.
  3. Go to Registry Editor and follow the path HKCU\Software\ to find the Cry36 folder.
  4. Delete the associated folders.
  5. Follow the path HKCU\Software\Microsoft\Windows\CurrentVersion\Run and delete values with the name of the infection.
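Steps 1, 2 and 5 of the guide amount to one audit: which Run values in HKCU are named after the infection, or launch something from the Downloads, Temp or %APPDATA% folders? The script below is an added example written for this article, not a tool from Anti-Spyware-101.com; it reports candidates for review rather than deleting anything. The `read_run_values` helper uses the standard `winreg` module and therefore only works on Windows, the default marker "cry36" follows the guide's "values with the name of the infection", and the profile paths and Run values are constructed samples.

```python
"""Added example, not the article's own tool: audit the HKCU Run key from the removal guide."""
import re
from typing import Dict, List, Optional

RUN_KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"  # step 5 of the guide
# User-writable folders from steps 1 and 2 (expanded with the env mapping at call time).
SUSPECT_DIRS = ("%APPDATA%", "%TEMP%", "%USERPROFILE%\\Downloads")

# Constructed profile layout for the offline sample; on a real host pass os.environ.
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\victim\AppData\Roaming",
    "TEMP": r"C:\Users\victim\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\victim",
}


def expand_vars(text: str, env: Dict[str, str]) -> str:
    """Expand %NAME% tokens from the given mapping (unknown names are left as-is)."""
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), m.group(0)), text)


def executable_path(command: str) -> str:
    """First token of a Run command line: the quoted path, or the text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(maxsplit=1)[0] if command else ""


def flag_run_values(values: Dict[str, str], marker: str = "cry36",
                    env: Optional[Dict[str, str]] = None) -> List[dict]:
    """Return the Run values worth a closer look, each with the reasons it was flagged."""
    env = env or SAMPLE_ENV
    prefixes = [expand_vars(d, env).lower().rstrip("\\") + "\\" for d in SUSPECT_DIRS]
    flagged = []
    for name, command in values.items():
        reasons = []
        if marker.lower() in name.lower() or marker.lower() in command.lower():
            reasons.append(f"name or command contains '{marker}'")
        exe = expand_vars(executable_path(command), env).lower()
        if any(exe.startswith(p) for p in prefixes):
            reasons.append("launches from a user-writable folder")
        if reasons:
            flagged.append({"name": name, "command": command, "reasons": reasons})
    return flagged


def read_run_values() -> Dict[str, str]:
    """Read the live HKCU Run values; Windows-only, hence the lazy winreg import."""
    import winreg  # standard library, present only on Windows
    values: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY_PATH) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised when no more values remain
                break
            values[name] = str(data)
            index += 1
    return values


# Constructed Run values: one legitimate entry and two of the kind the guide says to delete.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Cry36": r'"%APPDATA%\cry36_launcher.exe"',
    "Updater": r'C:\Users\victim\AppData\Local\Temp\upd.exe -q',
}

if __name__ == "__main__":
    for item in flag_run_values(SAMPLE_RUN_VALUES):
        print(item["name"], "->", "; ".join(item["reasons"]))
```

On a Windows host, `flag_run_values(read_run_values(), env=dict(os.environ))` lists the candidates; confirm each one in Registry Editor before deleting, since legitimate updaters also sometimes run from %APPDATA%.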