CryptoWire Ransomware

What is CryptoWire Ransomware?

CryptoWire Ransomware is the so-called educational ransomware infection which can be downloaded by anyone from github.com. Even though it seems to be developed for educational purposes primarily, it has been found that it can be used to create other file-encrypting threats by cyber criminals too. For example, specialists have already discovered a new ransomware infection called Lomix Ransomware which is created on the basis of the engine belonging to CryptoWire Ransomware. Cyber criminals might start creating other similar threats using the code of the original infection compiled with the AutoIt scripting language, so users have to be as cautious as they have never been before. The main focus of this article is CryptoWire Ransomware and its removal. If you know what to expect from this threat, you will know how other infections based on its engine are going to work. You will find information regarding the CryptoWire Ransomware removal provided in this article too. This knowledge might be useful if you ever encounter the original threat CryptoWire Ransomware or other similar infections based on it.

What does CryptoWire Ransomware do?

Once the malicious file of CryptoWire Ransomware is executed, a copy of the ransomware infection with the same name is created in %PROGRAMFILES(x86)%\Common Files. Also, a task having a random name of 10 digits is added to %WINDIR%\System32\Tasks. This is done so that the malicious file located in the Common Files will be launched again if the computer is restarted. When the ransomware infection finishes making modifications on the infected computer, it starts encrypting files. Our researchers have revealed that it targets files located in %USERPROFILE% and its subfolders only, which means that it will not make system files inaccessible. Luckily, it does not lock the screen like other prevalent ransomware infections too. Instead of doing that, it opens a window with a ransom note and a long list of encrypted files (the information is taken from the log.txt file located in the Common Files folder) on Desktop after it finishes encrypting users’ files. The ransom note immediately informs users: “Your files has been safely encrypted”. Therefore, it is impossible not to notice that the ransomware infection is inside the computer. Also, this window contains two buttons Buy Bitcoins and Decrypt Files. The first one opens a website (howtobuybitcoins.info) where users can buy Bitcoins while the second one checks the Decryptionkey field. Finally, it is said there what has to be done to decrypt files and thus get them back. Just like other ransomware infections, CryptoWire Ransomware asks to pay a ransom of $200 (~ 0.27 Bitcoin). We know that you badly need to unlock your files, but we also know that your files might not be unlocked for you even if you send the required money. As a consequence, we do not recommend spending money on the decryption key, but, of course, the last word is yours.

Research has shown that CryptoWire Ransomware ruins the non-encrypted copies of files too. It overwrites them 10 times and then deletes them all permanently. The same happens with items in the Recycle bin too. The ransomware infection does that so that it would be impossible to recover files using third-party software. Unfortunately, this also means that only those users who have backed up their files before the entrance of this malicious application have a chance of recovering data without purchasing the decryption key from cyber criminals.

Where does CryptoWire Ransomware come from?

We have found out that CryptoWire Ransomware also enters computes without permission like ransomware infections released some time ago. Most probably, it has sneaked onto the computer secretly after you have opened an attachment from a spam email. These attachments often pretend to be simple documents, but, in reality, they might be very dangerous, e.g. contain a malicious file that can install a ransomware infection on the system. Of course, there are ways to protect the system from harmful infections that are just waiting for the opportunity to sneak onto the computer. We have two pieces of advice for you. First, you should ignore the spam mail folder completely. Second, you should install a reputable security application on your computer and keep it enabled 24/7.

How do I remove CryptoWire Ransomware?

Even though it is impossible to decrypt files locked by CryptoWire Ransomware without the decryption key, it is possible to remove the infection. Users should not let this threat stay on their computers because it might strike again and thus encrypt files. Also, users will keep seeing an irritating window on their Desktops unless they get rid of it. CryptoWire Ransomware can be deleted manually or automatically. Instructions for the manual removal of this threat can be found below this paragraph, whereas the Download button you should click on to get a reputable SpyHunter scanner for the automatic CryptoWire Ransomware deletion is available below the manual removal instructions.

Delete CryptoWire Ransomware manually

1. Open the Windows Explorer (press Win+E simultaneously).
2. Open %PROGRAMFILES(x86)%\Common Files (copy and paste the path in the URL box at the top).
3. Tap Enter.
4. Delete the executable file of the ransomware infection.
5. Open %WINDIR%\System32\Tasks.
6. Remove the task having a random 10-digit name.
7. Locate and erase the malicious file you have launched before finding a bunch of your files encrypted.

Download Removal Tool100% FREE spyware scan and
tested removal of CryptoWire Ransomware*