JohnyCryptor Ransomware

What is JohnyCryptor Ransomware?

It does not take long to realize that JohnyCryptor Ransomware has invaded your operating system because this malicious infection changes the background of your Desktop with an intimidating message after encrypting your personal files. Besides encrypting personal files, such as photos, videos, music, documents, text files, and so on, it also encrypts executables (.exe files) rendering most applications unresponsive. Of course, the malicious ransomware does not touch the files in the %WINDIR% directory, as this could disrupt the running of the entire system. If you look at how this infection works and where it has originated from, it is easy to compare it with Saraswati Ransomware, also known as the Mahasaraswati Ransomware. Whichever one of these infections enters your operating system, you have to remove it as soon as possible. Unfortunately, deleting JohnyCryptor Ransomware or any other ransomware infection is never easy because it often involves making some hard decisions.testtesttest

How does JohnyCryptor Ransomware work?

JohnyCryptor Ransomware encrypts executable files because it is meant to stop you from browsing the web, using anti-malware software, or employing tools that could help you delete malware. All of this is meant to make you feel helpless against the demands of the creators of the malicious ransomware. Besides representing these demands via the Desktop notification (“How to decrypt your files.jpg”), it also creates a text file called "How to decrypt your files.txt". Both of these “tools” carry the same message, which is that you need to contact (or if the first one fails). If you email this address, you are likely to receive instructions asking to pay a ransom, most likely in Bitcoins, which is a virtual currency. If you pay the ransom as told, you might be scammed, and your precious files might remain locked. Unfortunately, this is a risk you need to consider before you make the payment. Another risk with following the demands of cyber crooks is that they might use your email address to scam you in the future. If you want to prevent this from happening, you should not contact cyber crooks.

The files that JohnyCryptor Ransomware encrypts are very easy to identify because they have a very unique extension attached to them: “.id-{random ID}”. As you can see, the email address is added to the extension, and this is done to remind users what they are expected to do every time they find an encrypted file. The “random ID” portion in the extension is a unique identifier that every user has, and this is what helps cyber criminals to distinguish between victims. According to researchers, you need a decryption tool to decrypt your files, but it is unsure whether or not third-party tools can help you out. Obviously, it is worth looking into other options if you are trying to get your personal files back. In the best case scenario, your files are backed up in an external drive or an online storage cloud, and you can access them after you remove JohnyCryptor Ransomware and the encrypted copies of your files. If your files are not backed up, you are in a predicament. Hopefully, you can find a way to decrypt your files, and if they are not worth decrypting, you should just let them go. In any case, you MUST remove the ransomware as soon as possible because it will continue encrypting new files until you do.

How to delete JohnyCryptor Ransomware

JohnyCryptor Ransomware is a vicious infection that you need to erase from your operating system as soon as you possibly can. The removal process is not too complicated but it requires some knowledge of the operating system and malware, and, if you do not have it, it might be a good idea to employ automated malware detection and removal software. Considering that only this software can guarantee reliable full-time protection against malware, we recommend installing it even if you are experienced at malware removal. If you still want to try erasing the threat manually before implementing trustworthy security software, you can use the guide below. Note that JohnyCryptor Ransomware copies itself to different directories, and the name of its executable is random, which might make it more difficult for you to identify it. If you are having any troubles with the removal process, comment down below.

Removal Instructions

  1. Launch Explorer (tap Win+E keys together).
  2. Enter %WINDIR%\System32 (or %WINDIR%\SysWOW64) into the address bar.
  3. Delete the .exe file with the random name (you will find a file with the same name in the next directory).
  4. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup into the address bar.
  5. Delete the .exe file with the random name.
  6. Delete the How to decrypt your files.jpg and How to decrypt your files.txt files.
  7. Restart your operating system.
100% FREE spyware scan and
tested removal of JohnyCryptor Ransomware*

Leave a Comment

Enter the numbers in the box to the right *