Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Sep 2022

How to remove CRYPTCAT ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Julie Splinters · Anti-malware specialist

CRYPTCAT ransomware is a malicious computer program designed by criminals for the purpose of extortion

CRYPTCAT ransomware

CRYPTCAT is a ransomware-type virus designed to infect Windows computers and lock all personal files on them. The ultimate goal of the attackers is to make people pay the ransom in digital currency, and the more people do so, the more illegal profits they get. Of course, this is really damaging to users, as they are risking not only losing their personal files but also the money they might pay as a ransom.

Upon infiltration of the system, CRYPTCAT ransomware immediately encrypts[1] all pictures, documents, databases, videos, and other valuable files, appending the .crxxx extension to each of them (contact email and victim's ID are also present on each of the altered files). This way, all the data can no longer be opened, regardless of which program is used to do so; for example, a picture won't open regardless if the Photos app or Paint is used.

In the #_README-WARNING_#.TXT ransom note, crooks explain in detail what has happened and how users can allegedly remediate the situation – pay the ransom. For communication, they provide hopeandhonest@smime.ninja and hopeandhonestt@gmail.com emails.

Name CRYPTCAT virus
Type Ransomware, file-locking malware
File extension .crxxx
Ransom note #_README-WARNING_#.TXT
Contact hopeandhonest@smime.ninja and hopeandhonestt@gmail.com
File Recovery If you want to guarantee the safety of your files, the only secure way to restore them is by using data backups. If you don't have any available or they were encrypted as well, options for recovery are very limited – see all possible solutions below.
Malware removal Disconnect the computer from the network and internet and then perform a full system scan with SpyHunterCombo Cleaner security software
System fix If malware manages to infect your device, it might severely damage or delete some vital system files – which often leads to crashes, errors, and other stability issues. You can use FortectIntego PC repair software to automatically fix any such damage by replacing corrupted files

The note from the ransomware authors and how to react to it

CRYPTCAT virus is new in the cybersecurity landscape – it is yet another way to monetize via the illegal ransomware business. Since malware operation is highly anonymous and there don't seem to be any similarities with more established ransomware strains like Djvu or Zeppelin, it is likely to be yet another group of people willing to monetize the incredibly lucrative ransomware business.

Just like any other malware of this type, it seeks to profit from ransom payments. The only way victims will pay is if they are provided with the information on how to do so, and that's precisely what the #_README-WARNING_#.TXT ransom note is there for. Here's the full text shown within the text file:

##############################################################
###### ALL YOUR FILES  ENCRYPTED BY CRYPTCAT RANSOMWARE ######
##############################################################
##############################################################

YOUR FILES ARE SAFE!
WE STRONGLY RECOMMEND you NOT to use any “Decryption Tools”.
These tools can damage your data, making recover IMPOSSIBLE.

To get RSA private key you have to email us: >> {hopeandhonest@smime.ninja
or hopeandhonestt@gmail.com} <<
and send us your tell your MachineID: >>  <<

HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!

If I don’t want to pay bad people like you?
If you will not cooperate with our service – for us, its does not matter.
But you will lose your time and data, cause only we have the private key.
In practice – time is much more valuable than money.

Please contact us before paying.
After the successful payment and decrypting your files, we will give
you FULL instructions HOW to IMPROVE your security system.
We ready to answer all your questions!

In a typical fashion of trying to convince victims to pay the ransom, crooks even declare they can provide a free decryption service of one or a few files which hold no valuable information in order to prove that the decrytpion is actually possible. In fact, they even affirm to users that they are indeed not scammers.

CRYPTCAT ransomware virus

However, we recommend not taking these words at face value, as there is simply no guarantee that hackers would deliver the decryption tool that would restore the encrypted CRYPTCAT virus files back to normal. Instead, we recommend choosing an alternative route and trying the other methods we show below, although don't forget that malware elimination should always come first.

Removal of ransomware

For first-time ransomware victims, the malware can be especially confusing and difficult to understand. Ransomware usually involves data encryption, which means that even after the virus is gone, your data may still be corrupted. There are also many characteristics that users don't know about ransomware, so making mistakes could result in permanent data loss in some cases.

Thus, it is critical to use the proper methods when removing malware. To begin, you must ensure that the virus is unable to communicate with a remote Command & Control[2] server, which attackers frequently employ in order to issue commands for execution. In certain circumstances, additional payloads may be delivered to your computer, resulting in even more damage.

Therefore, your first task is to make sure that the connection between malware and the remote server is broken, and the only way of doing that is by disconnecting the system from the internet and network. Here's how:

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and InternetNetwork and internet
  • Click Network and Sharing CenterNetwork and internet 2
  • On the left, pick Change adapter settingsNetwork and internet 3
  • Right-click on your connection (for example, Ethernet), and select DisableNetwork and internet 4
  • Confirm with Yes.

Once you've confirmed the system isn't connected to any network, use sophisticated anti-malware software to perform a full system scan. Programs like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes can detect and remove all malicious components from the system as well as any secondary payloads that might be present.

How to recover data without paying

After the malware is eliminated from a system and its affected network, the encrypted data will not be reverted to its previous condition. This is because decrypting involves the use of a unique key, which is held by ransomware perpetrators on the said remote server.

The best way to prevent your personal data from being held captive in a ransomware attack is to have backups of all your important files. If you don't have any backups prepared, recovering your CRYPTCAT ransomware-encrypted data might prove to be quite difficult.

Without backups, you can either use data recovery software or wait for a decryptor tool to become available. Keep in mind that if you don't already have working backups, it's advisable that you make copies of all encrypted files so as not accidentally corrupt them during the process of trying to recover them.

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

Experts in the field of digital forensics are frequently employed on decryption tools for prominent ransomware variants. In some circumstances, flaws in the encryption method may be identified or criminal servers seized by law authorities agencies. Regardless, you can check for decryptors on the following pages, but keep in mind that it might take a long time before there's a working one available.

No More Ransom Project

Fix your damaged system times

After virus infection, Windows is no longer the same; certain system files could be damaged or even deleted. This can lead to system instability, including crashes, program launches that fail to complete properly, BSODs,[3] and other problems. If you're having difficulties launching programs or experiencing other issues after removing the malware, utilize data recovery software as described below.

  • Download FortectIntego
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.