Cryptomaniac Ransomware

What is Cryptomaniac Ransomware?

Malware researchers have come across a nasty malicious program called Cryptomaniac Ransomware in the middle of December, 2017. It seems that it has not become a popular threat up to this day, but the situation might change soon. Also, it does not mean that it is impossible to encounter this threat if it is unpopular. According to specialists working at, this infection is mainly distributed via spam emails. Users find either malicious links or malicious attachments in these spam emails. On top of that, it might slither onto computers without permission if unsafe RDP access credentials are used. Finally, it might be possible to download this threat directly from some kind of website containing tons of free software. Of course, Cryptomaniac Ransomware acts the same in all the cases. That is, it encrypts users’ personal files right away. There is only one reason it has been programmed to perform this only activity on victims’ computers – cyber criminals want your money. You should not give them the reason to continue developing new threats, i.e. you should not transfer money to them. Make sure you erase the ransomware infection from your computer too because it seems that it can erase randomly-picked encrypted files making them gone forever. On top of that, we are sure it will not miss an opportunity to lock more files on your computer if you open its launcher accidentally and it starts working again.

What does Cryptomaniac Ransomware do?

Cryptomaniac Ransomware is a typical ransomware infection, so it goes without saying that it will try to obtain money from you. To give you the reason to send money to cyber criminals, it locks files with .zip, .backup, .mov, .png, .gif, .key, .der, .nef, .ppsx, .potm, .class, .wav, .js, .sql, .docb, .xlsm, .vdi, .aes, .bz2, and other popular extensions. It should append the .maniac filename extension to those files it encrypts, but you do not even need to see this new extension to understand that something wrong happened – you will not be allowed to access the majority of your files. You should also be able to find two new files on your computer following the encryption of your personal data: Readme_to_recover_files.txt and Readme_to_recover_files.html. These are ransom notes containing the same information. If users read any of them, they find out that they can no longer open their pictures, documents, text files, movies, etc. not without reason: “All your files have been encrypted by CRYPTOMANIAC!.” Also, users are told that they “have to pay for decryption in Bitcoins.” The size of the ransom should be 500 USD, but it might vary. No matter you find the decryption tool cyber criminals claim to have expensive or not, you should not purchase it from them because they might not send it to you. Actually, we do not even know whether they have software that can fix your files. Sadly, the chances are high that your files will stay locked because it deletes Shadow Volume Copies, meaning that only users who have copies of those encrypted files could restore them. Even though files cannot be unlocked, the ransomware infection must still be removed fully as soon as possible.

Where does Cryptomaniac Ransomware come from?

As has already been mentioned in the first paragraph of this article, Cryptomaniac Ransomware is mainly distributed via spam emails and unsecured RDPs, but cyber criminals might place it among freeware or shareware on third-party websites too. Therefore, you should be very cautious with software you download from the Internet as well. It is not easy to recognize malware, especially for inexperienced users, so, in our opinion, you should not try to prevent malicious software from entering your computer alone. It would be smart to enable a security application on your computer instead.

How to remove Cryptomaniac Ransomware

You do not need to be an expert in malicious software removal to be able to uninstall Cryptomaniac Ransomware from your computer manually because it should drop only ransom notes (Readme_to_recover_files.txt and Readme_to_recover_files.html) on affected computers. Yes, it also encrypts files like other ransomware infections, but it is not one of those threats that make a bunch of modifications on compromised machines in order to make it extremely hard to eliminate them. Of course, you can still delete Cryptomaniac Ransomware with an automated malware remover if you want to.

Remove Cryptomaniac Ransomware

  1. Open Windows Explorer (Win+E).
  2. Open the directory where your downloads are located (usually, it is %USERPROFILE%\Downloads or %USERPROFILE%\Desktop).
  3. Remove all suspicious recently downloaded files.
  4. Remove Readme_to_recover_files.txt and Readme_to_recover_files.html.
  5. Empty Recycle bin.
  6. Use an antimalware tool to scan your system. 100% FREE spyware scan and
    tested removal of Cryptomaniac Ransomware*

Leave a Comment

Enter the numbers in the box to the right *