What is CryptoDevil Ransomware?
Our malware researchers have received information about a ransomware-type program called CryptoDevil Ransomware. They got their hands on a sample and tested it. Their research has shown that it is a typical ransomware-type program that can encrypt your files, so you ought to remove it. Researchers have obtained a key that should decrypt your files, but it is not guaranteed to work because this ransomware can have several versions and is known to be frequently updated. To find out more about this particular ransomware, please read this whole article as it contains the most relevant information currently available.
Where does CryptoDevil Ransomware come from?
As with most ransomware-type programs, the distribution methods of CryptoDevil Ransomware are rather elusive. Our malware analysts have received unconfirmed information that this ransomware is disseminated via malicious emails that are sent from a dedicated email server. The emails can look like they have come from legitimate companies, but you should watch out because those emails put a huge emphasis on opening the attached file that may look like a regular Word or PDF document but get your PC infected with CryptoDevil Ransomware. The exact methods used to trick you into opening the emails are unknown as well as the malicious files and code used to get it onto your PC. Also, it would appear that this ransomware’s main executable is named randomly and placed in a different hidden location in each case, so detecting and deleting it manually can prove a to be a challenge.
How does CryptoDevil Ransomware work?
The sample that our researchers tested appeared to be a test build that encrypted the files that were on the desktop only. It appended the files with that the “.devil” file extension but did not change the original names of the files. Researchers say that this ransomware should, at the very least, encrypt file types such as .doc, .docx, .pdf, .db, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx, .dll, .lnk, and .exe. Nevertheless, this includes files that are most likely to contain personal and, thus, valuable information.
When this ransomware completes the encryption, it renders a pop-up window demanding that you pay a ransom for the decryption key needed to get your files back. Researchers say that the amount to be paid can vary between 20 and 100 USD. Note that the sum to be paid depends on how long you waited to pay because the ransomware is set to increase by 20 USD after 10 hours and 30 USD after 24 hours, and so on. However, the ransom is set to be paid in Bitcoins, and after you send the money, you need to contact the developers at email@example.com to receive your unique decryption key. However, our malware analysts have found that you can close the pop-up by pressing Alt+F4 or enter the "dm9jZWV1bWZyYWNhc3NhZG8=" decryption key (without quotes) into the "Insert This Key" field. There is no telling whether this key will work for you but it is worth the try.
How do I remove CryptoDevil Ransomware?
As you can see, CryptoDevil Ransomware is a highly malicious application that can encrypt your most valuable files. Thankfully, you can use the decryption key provided in this article to decrypt them, but it might not work all of the time because this ransomware can have several versions already. In any case, you should remove this ransomware, and you can do that manually, but we suggest that you use SpyHunter’s free scanner to detect it and then go to the location where the ransomware is stored and delete it manually.
Delete this ransomware manually
- Go to http://www.anti-spyware-101.com/download-sph
- Download SpyHunter-Installer.exe and run it.
- Launch the program and click Scan Computer Now!
- Copy the file path of the malware from the scan results.
- Hold down Win+E keys.
- Enter the file path of the malware in File Explorer’s address box.
- Press Enter.
- Find and right-click the malicious file and then click Delete.
tested removal of CryptoDevil Ransomware*100% FREE spyware scan and