CryptoDefense (also known as HOW_DECRYPT.txt) is a very dangerous cyber infection that belongs to the ransomware category. The most important thing about this virus is that it can encrypt all your text files, videos, office documents and similar data. According to experts, CryptoDefense is still unable to affect Macs, but it can easily attack all Windows versions, such as Windows XP, Windows Vista, Windows 8, etc. Like previous ransomware, this variant displays a huge alert after taking over the target PC. This warning claims that all files were encrypted by CryptoDefense Software and says that the victim needs to obtain the private key in order to decrypt them. Of course, this service is not free: the scammers ask for a payment of $500 in bitcoins. If you fail to pay, they promise that the ransom will be doubled after 4 days.
How can CryptoDefense infect my computer?
Unfortunately, there is still no method to decrypt files that were encrypted by the CryptoDefense virus. Even restoring files via backup fails. That's why it's very important for you to understand how to avoid this ransomware. The most important thing in this situation is to ignore all unfamiliar emails, which typically report nonexistent purchases, payments and similar things that could make people click on a malicious link. Like the CryptorBit and CryptoLocker viruses, it may also enter your PC in a bundle with fake Flash and Java updates, so ignore all unexpected alerts offering to download them for free. As soon as the CryptoDefense virus enters the system, it encrypts data files and starts showing this notification:
All files including videos, photos and documents on your computer are encrypted by CryptoDefense Software.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet;
the server will destroy the key after a month. After that, nobody and never will be able to restore files.
CryptoDefense instructs people how they can pay the ransom and purchase a tool for decryption. For that, they need to visit a specific site, enter their unique key and then find out how many bitcoins they need to pay. As we have said, delaying this may increase the ransom, and instead of 500 dollars you may have to pay 1000 dollars in bitcoins.
How to remove CryptoDefense virus?
As we have already mentioned, users can't restore access to their files by using System Restore when infected with the CryptoDefense virus. They can only prevent its infiltration by installing reliable anti-malware tools that will help them block malicious sites and fraudulent downloads. Our recommended applications are SpyHunter, STOPzilla or Malwarebytes Anti Malware. To bypass the system's block, you can try following these steps:
- Reboot your infected PC into 'Safe mode with command prompt' to disable the virus (this should work with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated anti-spyware.
However, even if this works for you, it only unblocks the computer.
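As an added example that is not part of the original article, the WinLogon check from the steps above can be done read-only with a short Python script. It assumes that "WinLogon entries" means the Shell value under the standard Winlogon registry keys and that the output of `reg query` for those keys was saved as text; the sample output and the file path in it are constructed.

```python
import re

# Constructed sample: saved `reg query` output for the HKLM and HKCU Winlogon keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe,C:\Users\demo\AppData\Roaming\example-dropper.exe
"""

# Value lines look like "    Name    REG_TYPE    Data" (tabs on older Windows).
VALUE_RE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Yield (key, value_name, data) for each value line in reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3).strip()


def unexpected_shell_entries(text, expected="explorer.exe"):
    """Return (key, entry) pairs for Shell entries that are neither blank nor expected."""
    findings = []
    for key, name, data in parse_reg_query(text):
        # Assumption: only the Shell value of a Winlogon key is checked.
        if not key.lower().endswith("\\winlogon") or name.lower() != "shell":
            continue
        # Shell may hold several comma-separated programs; check each one.
        for entry in data.split(","):
            entry = entry.strip().strip('"')
            if entry and entry.lower() != expected:
                findings.append((key, entry))
    return findings


if __name__ == "__main__":
    for key, entry in unexpected_shell_entries(SAMPLE):
        print(f"{key}: unexpected Shell entry {entry}")
```

The script only reports entries to write down; it changes nothing in the registry.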
We highly recommend thinking about the prevention of such infections. For that, you can use the previously mentioned programs. Besides, don't forget to think about protecting your files with backups. For that, you can use external USB hard drives, CDs, DVDs, or simply rely on online backups, such as Google Drive, Dropbox, Flickr and other solutions.
Finally, read this post to learn more about how to avoid CryptoLocker and other ransomware viruses:
Trying to avoid ransomware or make it useless? Here are some tips.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.