Cryptofag Ransomware

Posted by Lisa Blanc on February 8, 2017

What is Cryptofag Ransomware?

Cryptofag Ransomware is a malicious application created only for money extortion. Thus, the malware should encrypt the most valuable files on the victim’s computer or in other words take the data on the device as a hostage. Then, the infection should show a ransom note explaining the situation and demanding to contact the threat’s creators. Once you get in touch with these people, they should inform you how much you need to pay for the decryption tool and how to transfer the money. However, even if it is your last option, we advise against paying the ransom. There is a high risk you may not get the decryption tool and so lose your money for nothing. Instead, we would encourage users to erase the malware from the system and look for other ways to restore their damaged files. If you need any help while eliminating Cryptofag Ransomware, you could check the instructions placed below.testtest

Where does Cryptofag Ransomware come from?

Threats like Cryptofag Ransomware can be distributed in various ways, but this time the malware’s creators might have chosen to spread it with infected email attachments. Keep it in mind that the malicious files carrying the ransomware might not even appear as harmful as they could look like PDF, Microsoft Word, Excel, or other documents. Therefore, avoiding the malware might seem to be harder than it looks. We would advise users to avoid opening suspicious email attachments or scan such data with a legitimate antimalware tool that could identify threats. This way you would check doubtful files without risking the computer’s security.

How does Cryptofag Ransomware work?

The malware is launched as soon as the user opens a malicious file. According to our researchers at Anti-spyware-101.com, Cryptofag Ransomware should work from the directory where it was downloaded without creating any folders or placing executable files. Once launched the malicious application might begin the encryption process, during which it could encipher your documents, pictures, photos, videos, and other files placed on the infected computer. At least this is how the threat is supposed to act since most of the ransomware applications work this way. Our researchers cannot be one hundred percent sure because the sample they tested did not encipher any data.

Either way, even if the malicious application does not encrypt any data, it should still drop a ransom note titled as HACKED.OPENME. It is a text file so it can be opened with a simple Notepad. The text inside it says “you are HACKED. your files are LOCKED. i have the KEY to unlock them.” In the rest of the note, the infection’s creators explain how to contact them via email. If you do so, they would most likely demand you to pay a ransom and promise to send a decryption tool in exchange. Needless to say, these people cannot be trusted and even if you do as it is told there are no guarantees you will get the decryption tool.

Furthermore, the text also mentions another file that Cryptofag Ransomware may drop if it enciphers data on the computer. The file should be placed in the C:\Users\{user name}\Documents directory; it might have a name from random digits, e.g. 606681.log. Inside it there should be a list of all encrypted files, so by opening it, users can see which files were damaged. If you have a backup or perhaps some copies on removable media devices, you could try to restore the listed data. Of course, for safety measures, it would be smarter to get rid of the malware first.

How to erase Cryptofag Ransomware?

The malware could be removed manually if you delete the suspicious file you downloaded and launched before the system got infected with Cryptofag Ransomware. To help users find this malicious file faster, we listed a few possible directories in the manual deletion instructions located below. They will also show you what other files need to be erased. If such a task seems a bit too complicated, you could get a legitimate antimalware tool. It might make the task much easier as the tool could detect the threat automatically and so help users remove it faster. Nonetheless, if you need more help or have some questions, you can write a comment below or reach us via social media.

Eliminate Cryptofag Ransomware

  1. Open the Explorer.
  2. Navigate to directories where the suspicious file might have been saved, e.g. Downloads, Desktop, Temporary Files, and so on.
  3. Select the malicious file and press Shift+Delete.
  4. Select files called HACKED.OPENME separately and press Shift+Delete to remove them permanently.
  5. Go to C:\Users\{user name}\Documents
  6. Find a file containing the list of encrypted data, e.g. 606681.log and erase it too.
  7. Exit the Explorer and reboot the computer.
100% FREE spyware scan and
tested removal of Cryptofag Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *