Crypton Ransomware

What is Crypton Ransomware?

Crypton Ransomware is a new infection that will not miss a chance to encrypt your files if it ever successfully infiltrates your computer. At the time of writing, its C&C server seems to be down; however, this malicious application is still working properly, so there is no doubt that it can cause harm. It is evident that Crypton Ransomware targets users speaking Russian and English because the ransom note it leaves after encrypting files is both in Russian and English. Just like other ransomware infections, this one enters computers and encrypts files so that it would make users pay money. Unfortunately, some people really do that because cyber criminals promise that they will unlock files after receiving payment. Researchers have noticed that users not always get their files back. Therefore, they do not recommend transferring money to cyber crooks, especially when the C&C server of Crypton Ransomware is down. Keeping this computer infection inside the computer is not a good idea either.

What does Crypton Ransomware do?

All ransomware infections, no matter what name they have, seek to extort money from users, so they encrypt files immediately after the entrance. Crypton Ransomware is no exception. It starts encrypting files using the AES encryption algorithm the moment it gets onto the computer. Researchers have found that it encrypts files having specific filename extensions only, for example, .db, .pdf, .png, .ppt, .pst, .rat, .rtf, .tiff, .txt, .xlsx, .xml, and .zip. Generally speaking, this infection targets files that users value the most. After encrypting those files and appending a new extension .crypt to all of them, this ransomware infection opens a ransom note. It is clearly stated there that users have to pay a certain amount of money to be able to decrypt the personal data. Unlike other similar threats, it does not promise to send the decryptor. Instead, the ransom note left informs users that the “decoding will start automatically.” Since the C&C server of Crypton Ransomware is not working at the time of writing, it is impossible to say what amount of money users are asked to transfer; however, there is no doubt that the price will not be low.

Even though it might be very hard, or even impossible, to decrypt files encrypted by Crypton Ransomware, you should definitely not transfer the required money because you might lose them too. Instead, you can recover these files from a backup after the removal of this threat. We know that not all the users have their files backed up. What we can suggest for these users is trying out all the reliable free data recovery tools available on the market. These tools might help to get, at least, some files back.

Where does Crypton Ransomware come from?

There is no doubt that Crypton Ransomware enters computers illegally. It has been found that this computer infection is usually spread through spam emails. Users contribute to the entrance of this threat too by opening a malicious spam email attachment or clicking on a link they find inside such an email. Crypton Ransomware not only locks files and opens a ransom note after the infiltration on the system. It has been found that it also drops an executable file crypton.exe in %APPDATA% directory. Also, it creates a point of execution in the Run registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) so that it could start working again after the system restart. This makes it a quite sophisticated computer infection, so, unfortunately, it will not be very easy to get rid of it.

How do I delete Crypton Ransomware?

The removal of Crypton Ransomware should not be postponed because this infection will continue working on your system after the encryption of files and thus can encrypt new files. Since this infection applies so many modifications, it will definitely not be easy to erase it. Therefore, we suggest using the removal guide produced by specialists at anti-spyware-101.com. An alternative method is the automatic one. Go to scan your system with an automatic malware remover if you are not very advanced. Do not forget to take care of other threats that might be working in the background without your knowledge. Those users who delete Crypton Ransomware automatically do not need to worry about the additional malware because it has already been removed together with the ransomware infection.

Delete Crypton Ransomware

1. Find and delete the malicious file you have launched.
2. Press Win+E.
3. Type %APPDATA% in the box at the top and tap Enter.
4. Remove crypton.exe.
5. Press Win+R.
6. Type regedit.exe and click OK.
7. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
8. Locate the Value crypton, right-click on it, and select Delete.
9. Open the registry key HKCU\Software\Crypton.
10. Delete it (right-click on it and select Delete).

Download Removal Tool100% FREE spyware scan and
tested removal of Crypton Ransomware*