CryptoCat Ransomware Removal Guide

Threat Level: 9/10
Category: Trojans

CryptoCat Ransomware is a new threat that can encrypt your most important personal files, which could easily mean losing them for good. Of course, the authors of this dangerous ransomware program claim that they will send you the private key that was generated for your computer if you transfer the demanded fee. Although it is possible that in certain cases cyber crooks actually decrypt your files or send you the key, in the majority of ransomware hits, they could not care less about your encrypted files. The sad truth is that unless you make regular backups onto portable devices that could be used to transfer your clean files back to your hard disk, there is little chance for you to recover your files. We suggest that you remove CryptoCat Ransomware immediately even if this could mean the loss of your files. But this is your decision to make.

There are two possible ways for you to get infected with this major threat. First, you may land on a suspicious torrent, gaming, or freeware website where you click on corrupt third-party content, such as a banner or pop-up advertisement. This is quite likely to happen when you are viewing an unfamiliar website because you could be misled by disguised third-party content, including fake download and next-page buttons. Although you may not visit such sites knowingly or purposefully, it is possible that you get redirected there after clicking on a web search result when looking for free files or software to download. But you can also be redirected to such malicious pages if your computer is infected with malware, such as adware programs or browser hijackers. If this ransomware entered your computer in any of these ways, it will not be enough for you to delete CryptoCat Ransomware; we recommend that you also run a system malware scan to identify all possible threats.

Another way for this dangerous program to show up on your computer is via spamming campaigns. This infection can sneak onto your hard disk when you save and open the malicious attached file in a spam mail. This file can pose as a legal document of some sort, an image of an unsettled invoice, or anything else that would be likely to be of interest to you to see right away. As you can see, it is essential to be prudent when it comes to opening mails in your inbox and downloading file attachments. When in doubt, always double-check with the sender about the validity of the attached file.

This ransomware seems to use the RSA-2048 encryption algorithm to take your files hostage. This means that the whole encryption process could take anywhere from a few seconds up to one minute, depending on the number of files affected and the performance of your computer. The encrypted files get a ".cryptocat" extension, which makes it easy to identify this threat. A text file called "Your files are locked !.txt" is also created on your desktop; this is the ransom note. When the encryption is finished, your desktop background is replaced with a scary-looking image and the same note that you can find in the aforementioned text file.

These criminals demand 1.45 Bitcoins (around 870 USD) to be transferred to the Bitcoin wallet provided in the ransom note. You also find information about how and where to buy Bitcoins to make sure that you know what to do. You are given 1 week to pay the ransom fee and contact these crooks via one of these addresses: "mls82@hush.ai" or "mls82@bk.ru." This fee definitely requires some considerations on your part. For example, are the files you store on your hard disk worth that much? Are they worth the risk of losing 870 dollars if the criminals do not send you the private key? But, in the end, whether you pay or not, you need to remove CryptoCat Ransomware if you want to use a clean computer.

Since this infection does not seem to block any of your system processes, you do not need to restart your computer in Safe Mode to be able to delete CryptoCat Ransomware and the related files. This threat may use a random file name, which you need to be able to locate and identify to eliminate this malicious program. You also need to bin the file you downloaded from the spam e-mail if this is how you got infected. We have prepared a step-by-step guide for you, which you can find below this article. In this guide we offer you possible locations to look for any suspicious or unknown files that were created only recently. Of course, this manual removal could be all Greek to you, and you may prefer an automated solution. Therefore, we advise you to download and install a trustworthy anti-malware program as soon as possible to clean and protect your operating system as well as the files and data you store on your hard drive.

How to remove CryptoCat Ransomware from Windows

  1. Press Win+E to open Windows File Explorer.
  2. Delete the malicious file you saved from the spam mail.
  3. Find and bin the random-name suspicious .exe file ("*") from these possible folders:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup\*.exe
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %WINDIR%\Syswow64\*.exe (64-bit)
    %WINDIR%\System32\*.exe
  4. Delete "Your files are locked !.txt" and all other unknown files with random names from your desktop.
  5. Press Win+R and type regedit. Press OK.
  6. Delete the random-name ("*") registry keys if found:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value data: “%WINDIR%\Syswow64\*.exe”) (64-bit)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value data: “%WINDIR%\System32\*.exe”)
  7. Exit the editor and empty your Recycle Bin.
  8. Restart your computer.
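
The locations in steps 3, 4 and 6 can be reviewed in one pass before anything is deleted by hand. The following PowerShell script is an added example, not part of the original guide: it only lists candidates and removes nothing. The 14-day "recently created" window and the Authenticode signature column are assumptions added here as triage aids.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Nothing is deleted; review the output, then remove confirmed items manually.
$cutoff = (Get-Date).AddDays(-14)   # assumption: "recently created" = last 14 days

# Step 3: startup folders and system directories (missing folders are skipped).
$folders = @(
    "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:USERPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:WINDIR\Syswow64",
    "$env:WINDIR\System32"
)
$recentExe = foreach ($dir in $folders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                # Triage hint only: anything other than 'Valid' deserves a closer look.
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
}

# Step 6: Run values whose data points at an .exe directly in System32 or Syswow64.
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = @()
$key = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($key) {
    $runHits = foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match '\\(System32|Syswow64)\\[^\\]+\.exe') {
            [pscustomobject]@{ Name = $name; Data = $data }
        }
    }
}

# Step 4: the ransom note and any ".cryptocat" files on the desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$desktopHits = Get-ChildItem -LiteralPath $desktop -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'Your files are locked !.txt' -or $_.Extension -eq '.cryptocat' }

$recentExe   | Sort-Object Created -Descending | Format-Table -AutoSize
$runHits     | Format-Table -AutoSize
$desktopHits | Select-Object FullName, CreationTime | Format-Table -AutoSize
```

Legitimate Windows updates also create new executables in System32, so treat the first table as a shortlist to investigate rather than a deletion list.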