Severity scale:  
  (99/100)

Crypt.Locker ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as Epic ransomware virus | Type: Ransomware
12

Crypt.Locker ransomware makes all your files epic: what to do when such malware hits your PC?

Although Crypt.Locker ransomware name resembles the infamous CryptoLocker virus, these malware variants are entirely different. The author of Crypt.Locker virus is the same one who has developed the infamous JigSaw, CryptoHitman, and Payransom ransomware. However, this time the virus is not Billy the Puppet-themed[1], but features a picture of a man wearing Anonymous mask. The ransomware corrupts files by applying secure cipher on them. Each affected file gets a .epic extension (that is why this virus has another name – Epic ransomware [2]). After encrypting files, the virus displays a window that types out a message for the victim. The virus says:

Very bad news! I am a so-called crypt.locker […]

The virus says that it finished encrypting data, stealing private information such as logins, passwords, email and private conversations, uploading it to a secret server, and now it awaits for victim’s money, otherwise the virus promises to share “every private conversation or email of yours” it could find with victim’s contacts. In addition to that, virus warns not to close it or shut down the compromised PC – otherwise, the culprit would become very angry. In fact, it does – as the virus promises to delete one file every hour of non-payment, it eliminates 1000 at one in case the victim restarts the computer[3]. Crypt.Locker malware differs from previous JigSaw versions because it asks for a very large sum of money – over $5000. The virus asks to send “at least” 5 grand, which is funny because considering the ransom price, hardly someone would pay it, not to mention larger sums.

Picture showing Crypt.Locker ransomware

Although we recommend you to remove Crypt.Locker virus using anti-malware tools like Reimage, we also recommend you to be very careful and deal with Crypt.Locker removal attentively if you do not want to lose a large number of precious files. Therefore, do not reboot your PC without reason, and better do not try to get rid of this virus manually. Please read instructions on how to remove this virus from the system that our experts have prepared – you can find them under the article.

How does the virus slither into the system without showing any notifications?

Viruses, unlike regular programs, do not feel the need to inform the computer user about themselves before completing filthy tasks in the system. This particular virus appears in the form of firefox.exe and drpbx.exe processes that slow down the computer system. However, since they represent Firefox and DropBox, computer users might mistake them for legitimate programs and let them function. However, you must learn how such malicious viruses manage to infiltrate the system without letting the computer user know. Most of the time, ransomware travels attached to fraudulent email messages, but can also be downloaded along unofficial software updates (Java or Adobe). The latest Jigsaw distribution technique is tricky – currently, the virus is being distributed in the form of Electrum Coin Adder, which, instead of stealing Bitcoins from others pilfers victim’s Bitcoins and installs Jigsaw(Crypt.Locker) virus on the computer. This particular version is programmed to activate itself after December 23rd this year to bring “a little present” for Christmas. Be careful!

How to remove Crypt.Locker ransomware?

Crypt.Locker virus is considerably more harmful than other viruses because it can actually get rid of your personal files rather than encrypting them and leaving them in the system. While there is a chance to do something with encrypted data (because malware researchers can create a free decrypter after a while, or, in the case of TeslaCrypt[4] or Crysis[5] – decryption keys can be unexpectedly leaked online. To remove Crypt.Locker malware, install anti-malware software and use it only after you reboot your in a Safe Mode (as explained below). Read these Crypt.Locker removal guidelines carefully and make no mistakes if you do not want to loose a thousand of precious files unintentionally.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Crypt.Locker ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Crypt.Locker ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual Crypt.Locker virus Removal Guide:

Remove Crypt.Locker using Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Crypt.Locker

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Crypt.Locker removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Crypt.Locker using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Crypt.Locker. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Crypt.Locker removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Crypt.Locker from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Crypt.Locker, you can use several methods to restore them:

Try using Jigsaw decryption tool

You can try to decrypt your files using JigSaw decryption tool by a researcher M.Gillespie. Reportedly, this tool works for files encrypted by Jigsaw versions that add one of these extensions: .epic, .fun, .btc, .porno, .pornoransom, .payransom, .AFD, .payms, payrms, paymts, paymrts, .paym, .pays, .kkk, .gws. You can download it from here: Jigsaw Decrypter.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Crypt.Locker and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References


  • Suzan

    How to decrypt the goddamn files!?

    • Dropbeatz

      there is no way. I have been browsing the Internet for half a week and no luck yet.

      • Felica

        I have a backup and managed to restore part of lost data. Delete the virus and recover some files from any data storage devices you have, for example, import pictures from your phone, check what you have in dropbox, email account, USBs, and so on. You will be surprised how many files you can recover 😉 thats my advice you guys. Good luck

  • Jennet

    Eliminated the virus, but whats the point if I dont have my files… However, I would never pay a ransom, no matter how disappointed I am right now. Anyways, thanks, 2-Spyware team. At least I can use my PC again…