Cryptedx Ransomware

Posted by Sarah Stewart on January 16, 2018

What is Cryptedx Ransomware?

There is a new variant of the malicious Xorist Ransomware, and it is called Cryptedx Ransomware. When this malicious infection finds its way into your operating system, it does not waste any time. It starts encrypting files right away. The bad news is that this malware can target all kinds of personal files found on your system. According to our research, this infection can encrypt files in the %HOMEDRIVE% directory, which is where you are likely to store at least some of your personal files. The files that it can corrupt include those with .htm, .jpg, .wav, .txt, .zip, and .doc extensions. Speaking of extensions, when the ransomware corrupts files, it adds a unique extension, “.cryptedx.” If you find a file with it appended to its name, there is no doubt that this file is corrupted. So, how do you decrypt these files? Well, we have some good news for you. According to Anti-Spyware-101.com researchers, a decryption tool offered by Emisoft appears to be capable of decryption. Unfortunately, that is not all you need to take care of. You also need to delete malware. It is most important that you remove Cryptedx Ransomware.testtesttest

How does Cryptedx Ransomware work?

When Cryptedx Ransomware encrypts files, it quickly creates a file named “HOW TO DECRYPT FILES.txt.” This file represents the same message that should also be shown via a pop-up called “Error”. The message below is considered to be a ransom note.

Attention! All your files are encrypted!
To restore your files and access them, please send a mail to www@lass.33mail.com
You have 5 attempts to enter the code.
When that number has been exceeded, all the data irreversibly is destroyed.
Be careful when you enter the code! WTF!

WTF, indeed. You can assume that a code would be presented to you if you emailed cyber criminals, but that is not what would happen. First, you would be asked to pay for this code. If you made the payment, a code should be offered next, but that is unlikely to happen. We do not recommend that you contact the creator of Cryptedx Ransomware in the first place because you do not want them to record your personal email address. Disclosing this information can be very dangerous because malware distributors can spread malicious infections using spam emails. In fact, Cryptedx Ransomware itself might have entered your system in this way. Since a decryption tool appears to exist, there is no reason why you should even consider paying the ransom. But even if a tool like that did not exist, you should not pay the ransom. In cases like this, you could recover your files only if you had backups. Do you back up your files regularly? We hope you do because with so many ransomware infections emerging every day, this is the best defense mechanism. As long as your personal files are backed up, no threat can harm them. If you have backups, you can remove the corrupted copies and then move your personal files from backup back onto the computer (if you need that). Afterward, focus on deleting Cryptedx Ransomware.

How to remove Cryptedx Ransomware

You must delete Cryptedx Ransomware from your system as soon as possible. Whether you decrypt files using a special decryption tool or you recover them from backup, you need to do it fast. When it comes to the removal, you have several options. You can install an anti-malware program to find and delete malicious components manually. This is, by far, the best option you have because you also could use the protection provided by this software. What if you choose to remove Cryptedx Ransomware manually? That is an option for sure, but you will need to perform quite a few different steps, and if you are not experienced, they might appear to be quite complicated. If you are determined to follow our guide, remember that we are here if you need help. Use the comments section to communicate with us, and we will help you as soon as possible. Another thing to remember is that even if your system is clean, it is not protected against malware. If you do not want to risk inviting ransomware or other kinds of malware in again, you need to figure out a way to safeguard your system.

Removal Instructions

N.B. If you wish to decrypt your files, you should do that before you continue with the steps below.

  1. Launch Explorer by tapping keys Win+E on the keyboard.
  2. Enter %TEMP% into the bar at the top.
  3. Right-click and Delete the {random name}.exe file (make sure it is malicious before erasing it).
  4. Launch RUN by tapping keys Win+R on the keyboard.
  5. To access the Registry Editor enter regedit.exe into the RUN dialog box and then click OK.
  6. Navigate to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
  7. Right-click and Delete the value named Alcmeter (it represents the .exe file in the %TEMP% directory).
  8. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  9. Repeat step 7.
  10. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
  11. Right-click and Delete the key named .cryptedx.
  12. Navigate to HKLM\SOFTWARE\Classes\.
  13. Repeat step 11.
  14. Right-click and Delete the key named NTGQBAPSQKOSXWE.
  15. Empty Recycle Bin to eliminate the ransomware completely.
  16. Install and run a legitimate malware scanner to look for malicious leftovers. 100% FREE spyware scan and
    tested removal of Cryptedx Ransomware*

Stop these Cryptedx Ransomware Processes:

a08980b08e6ff178a0f115b0e6010205ff576bee51167498afce891b5b915bf7.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *