Cryptxxx Ransomware

What is Cryptxxx Ransomware?

There is a new version of Cryptxxx Ransomware, and it is much more complicated than the first one. According to the notification presented by the malware, it uses a strong encryption method known as RSA-4096. Without the decryption key created for your system, it is impossible to unlock the encrypted files. Although you have a chance to get your personal data back by paying the ransom, there is no assurance that the criminals behind the ransomware will give you the key. That is why you should carefully consider this possibility and decide whether your files are worth spending your savings on. Perhaps you occasionally back up the most important files on your computer? In that case, follow the instructions located at the end of the article and get rid of Cryptxxx Ransomware.

Where does Cryptxxx Ransomware come from?

It is most likely that the ransomware entered the system with the help of another malicious program. It was probably dropped by the so-called Angler Exploit Kit or a Trojan infection. Our researchers at Anti-spyware-101.com say that such malware could be found on malicious web pages. At this point, it is advisable to acquire a legitimate antimalware tool and scan your system with it. To ensure your computer's security, it is important to delete not only the ransomware but also other possible threats.

How does Cryptxxx Ransomware work?

Cryptxxx Ransomware is different from other similar infections because it does not use executable files. The malware creates a random CLSID folder in the %TEMP% directory and places a DLL file there, which is launched by a legitimate system file called rundll32.exe. This happens because the infection modifies the legitimate file and names it svchost.exe. Then it encrypts documents, pictures, video files, and other similar data. Lastly, it shows you a warning pop-up with instructions from the malicious application’s creators.

The instructions explain that your data was locked with an encryption method called RSA. The malicious program’s originator created public and private keys that are 4096 bits long. Keys of such length are thought to be unbreakable, and that is stressed in the instructions. They also say that you are given a unique personal ID, e.g. 5AE45DC7E2AD. All the files and folders created by this infection should also be named after the unique ID number. Furthermore, Cryptxxx Ransomware gives you an opportunity to unlock your data if you are willing to pay the ransom. The instructions rush users to make the payment in bitcoins and provide a link (e.g. 2v3ojv6gnmuqiv6.onion.to) to more detailed instructions. If you want to load it, you have to get the Tor browser. The files that were encrypted may be priceless to you, and you might think about paying the ransom, but it is better not to make rash decisions. No one can guarantee that you will get the keys needed for decryption after you transfer the money, so it should be your last resort.

How to delete Cryptxxx Ransomware?

To remove the infection from your system, you should delete all data related to this malware. As we said earlier, the files created by Cryptxxx Ransomware should be named after the personal ID number that is given to you. This unique ID number is provided in the warning pop-up and in the text document that should be on your desktop. If you follow the removal instructions below, you will see that we listed all the locations for you. The most complicated part should be the deletion of the DLL file, as it is placed in a random CLSID folder created by the infection. The DLL file itself will have a random name too, e.g. api-ms-win-system-provsvc-l1-1-0.dll. This might seem too complicated for you, so do not forget that you can install a trustworthy security tool and leave the deletion process to it.

Remove Cryptxxx Ransomware

  1. Open the Explorer.
  2. Go to: %TEMP%
  3. Find the CLSID folder with a random title.
  4. Locate the malicious DLL file, right-click it and select Delete.
  5. Navigate to: %ALLUSERSPROFILE%
  6. Find the following files and right-click to delete them:
    [Unique ID number].bmp
    [Unique ID number].html
  7. Go to: %USERPROFILE%\Desktop
  8. Locate the following files and erase them:
    [Unique ID number].bmp
    [Unique ID number].html
    [Unique ID number].txt
  9. Close the Explorer and empty the Recycle Bin.
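
The locations in the steps above can be listed and recorded before anything is deleted. The PowerShell script below is an added example, not part of the original article; it only reads the file system. It assumes that a "CLSID folder" is a directory named like a GUID and that the personal ID is purely alphanumeric.

```powershell
# Added example: read-only listing of the artifacts named in the removal steps.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[0-9A-Za-z]+$')]   # assumption: the ID is purely alphanumeric
    [string]$PersonalId                   # e.g. the article's sample value 5AE45DC7E2AD
)

# Assumption: a "CLSID folder" is a directory named like a GUID, braces optional.
$guidName = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

# Steps 2-4: DLL files inside GUID-named folders directly under %TEMP%.
$dlls = Get-ChildItem -LiteralPath $env:TEMP -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidName } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_.FullName -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue
    }

# Steps 5-8: ransom note files named after the personal ID.
$noteTargets = @(
    @{ Dir = $env:ALLUSERSPROFILE;                   Ext = 'bmp', 'html' }
    @{ Dir = (Join-Path $env:USERPROFILE 'Desktop'); Ext = 'bmp', 'html', 'txt' }
)
$notes = foreach ($t in $noteTargets) {
    foreach ($ext in $t.Ext) {
        $path = Join-Path $t.Dir "$PersonalId.$ext"
        if (Test-Path -LiteralPath $path -PathType Leaf) { Get-Item -LiteralPath $path -Force }
    }
}

# Report each candidate with a hash so it can be recorded or checked before deletion.
@($dlls) + @($notes) | Where-Object { $_ } | ForEach-Object {
    [pscustomobject]@{
        Path      = $_.FullName
        Modified  = $_.LastWriteTime
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Signature = if ($_.Extension -eq '.dll') {
                        (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                    } else { 'n/a' }
    }
} | Format-List
```

Run it as the affected user so that %TEMP% and %USERPROFILE% resolve to that user's profile. Other software can also create GUID-named folders in %TEMP%, so treat each listed DLL as a candidate to verify, not as a confirmed detection.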