What is Cryptorium Ransomware?
Cryptorium Ransomware is a new infection that has been categorized as ransomware because it seeks to obtain money from computer users. Unlike older ransomware infections, it does not encrypt the users’ personal data even though the message left for users on the window opened by this threat says that all files are encrypted. Instead of encrypting users’ files stored on the computer, Cryptorium Ransomware changes their extensions. It means that files could not be opened unless their extensions are fixed, for example, vlc.png has to be changed to vlc.exe. Unfortunately, there are a number of users who believe that their files have been encrypted and decide to purchase a key (GBO KEY) to decrypt their files. At the time of writing, users cannot buy this key from cyber criminals because it is said that “all servers are down at the moment.” Because of this, it might be very true that this version of Cryptorium Ransomware is still in development and should not be actively spread. Of course, the situation might quickly change in the future, so when you read this article, this infection might already be very popular. Go to delete it ASAP!
What does Cryptorium Ransomware do?
Even though Cryptorium Ransomware is a new computer infection in the category of ransomware, it works like these older threats: it enters computers secretly, it applies changes to files it finds stored on the computer, and then it displays a ransom note. The version tested by specialists working at anti-spyware-101.com has shown that the .ENC extension replaces original extensions of files users have. Just like similar threats, it asks users to purchase the special tool to get the personal data back after all files receive a new filename extension. Luckily, you do not need to do that in this case because extensions of files can be easily fixed (a new version of this threat might work differently). Even if you wish to pay money, it would be impossible to do that because no instructions on how to transfer money are left to users. Do not try to transfer money by any means and go to delete Cryptorium Ransomware fully from the computer instead. It is because this is the only way to unlock the computer and continue using it normally. A window with the message (see below) is opened on Desktop by malware after modifying files and, since the Task Manager is blocked by the ransomware infection, the task (it has a random name) that allows the window to stay opened on Desktop cannot be killed. As a result, the elimination of malware is the only effective solution to the problem.
Oh no, you had back luck today. All your files are encrypted!
But! I have not deleted them yet! Purchase a “GBO KEY” to decrypt your files.
If not all encrypted files will be permanently deleted within 32h and then there is no way to recover them!
Be quick or no files!
*ALL SERVERS ARE DOWN AT THE MOMENT!
YOU WILL HAVE TO FIND IT OUT! OH AND THE GBO KEYS ARE ALL GENERATED RANDOMLY! >:]
As you have probably understood, it will not be possible to access Desktop, files, and programs unless Cryptorium Ransomware is removed from the computer. It is not very easy to get rid of it, but it should not be a very challenging task either because, unlike similar computer infections, it does not make changes in the system registry or create a point of execution. As has already been mentioned, it kills the Task Manager only and opens a window with the ransom note for users.
Where does Cryptorium Ransomware come from?
Cryptorium Ransomware is not distributed like ransomware infections we wrote about some time ago, i.e. it is not spread through spam emails. In most cases, users can find it on untrustworthy P2P, torrent, and similar websites. The executable file of this infection, as has been found, is often disguised as an illegal FIFA’17 game copy together with the crack. Of course, it is spread as an installer of a popular game just to reach more users and thus affect their computers. Do not download software from suspicious third-party websites because a new malicious application might sneak onto your computer again. Keep in mind that not only ransomware infections are being spread using this method, so you might end up with a bunch of malware. Users who cannot live without freeware should, at least, install a legitimate security application on their PCs and enable it ASAP.
How to delete Cryptorium Ransomware
The first thing you have to do if you wish to erase Cryptorium Ransomware manually is to launch the disabled Task Manager. Since it is blocked by the ransomware infection and it might be hard to revive it, use our manual removal instructions. Once it is successfully launched, go to kill the process of this ransomware infection (it will have a random name), and then find and delete the malicious .exe file launched. Researchers working at anti-spyware-101.com tested a version which had been installed on PC after opening VirtualUIpro.exe; however, the name of this file might change. If it happens that it is impossible to find the malicious file launched manually, open the reputable antimalware tool, e.g. SpyHunter and then perform the full system scan with it. It will make the system free of malware within seconds.
Remove Cryptorium Ransomware manually
- Press Win+R.
- Type Gpedit.msc in the box and click OK.
- Navigate to User Configuration.
- Go to Administrative Templates.
- Select System.
- Click Ctrl+Alt+Del Options.
- Right-click on Remove Task Manager.
- Click Edit.
- Put a tick next to Disable or Not Configured.
- Save the changes and close Gpedit.msc.
- Launch RUN again and type gpupdate /force. Press Enter.
- Press Ctrl+Shift+Esc to launch the Task Manager.
- Locate the process of the ransomware infection and right-click on it.
- Click End Process.
- Locate the malicious .exe file launched (e.g. VirtualUIpro.exe), which might be hiding on Desktop, %TEMP%, or %USERPROFILE%\Downloads.
- Delete it.
- Empty the Recycle bin.
- Restart the computer.
- Go to fix the extensions of your personal files to be able to access them.
tested removal of Cryptorium Ransomware*100% FREE spyware scan and