Severity scale: 97/100

Cryptes ransomware. How to remove? (Uninstall guide)

by Lucia Danes | Type: Ransomware

Cryptes ransomware – a cryptovirus that holds files hostage and demands payment in Bitcoin for their release

Cryptes ransomware is a dangerous virus that renders all personal files inaccessible

Cryptes ransomware is a file-locking virus that first showed up at the end of July 25th, 2018. As it is a variant of DCRTR ransomware, it uses a combination of AES, SHA,[1] and RSA to lock up files and appends the .cryptes extension. As soon as the encryption process is finished, the HOW TO DECRYPT ALL MY FILES.txt ransom note is downloaded to the victim's computer and placed into each of the affected folders. Users can view the file and see that hackers demand an unknown amount of Bitcoin to be paid for data release. To find out the price and receive further instructions, users need to contact Cryptes ransomware authors via dekode@qq.com.

SUMMARY
Name: Cryptes
Type: Ransomware
Encryption algorithm: AES, SHA, RSA
Extension: .cryptes
A variant of: DCRTR ransomware
Distribution: Spam emails, unprotected RDP, malicious websites, etc.
Symptoms: Unusable files
Elimination: Use automatic removal method – choose Reimage, Plumbytes Anti-Malware or Norton Internet Security

Cryptes ransomware typically infiltrates users' machines when they are not careful enough while surfing the internet or opening emails from unknown sources. Hackers often use phishing emails and high-risk websites (such as file-sharing and torrent sites) to make sure that the virus gets distributed. Thus, if you do not take high risks, you will never have to worry about Cryptes ransomware removal.

As soon as the malicious payload of Cryptes is executed, the malware modifies the system's settings and starts a scan. It looks for data to encrypt and skips system files, executables, and a few other file types. Hackers do not want to destroy your computer; they just want to extort money. That is why the virus skips system files – the machine needs to operate correctly.

However, every personal file (.jpg, .doc, .dat, .img, .pdf, etc.) is systematically locked and the .cryptes extension is added. From that point, users cannot access their files anymore. Note that the data is not corrupted in any way; it simply requires a decryption key, which is stored on a Command and Control server that only the malware authors have access to.

Users are informed of what happened in a ransom note, HOW TO DECRYPT ALL MY FILES.txt, which becomes available for victims to view. It is unknown what amount Cryptes ransomware authors want, but they most certainly want Bitcoins – a digital currency. This way, they can stay anonymous during the transaction, as a personal bank account is easily traceable. Although Bitcoin wallets are pseudonymous rather than anonymous, cybercrooks manage to bypass traceability by using various tools, such as VPNs and proxies.[2]

Here's a fragment from the ransom note:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: dekode@qq.com
In case of no answer in 24 hours write us to theese e-mails: supdecrypt@foxmail.com or supportdecryption@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. 
Free decryption as guarantee

As “proof”, the cybercriminals promise to decrypt five files (up to 10MB) for free. Ironically, they even warn victims of being scammed by other parties.

However, it is unwise to contact crooks, as these people cannot be trusted. Just think about it – if they managed to lock up your files to gain illegal profit, what stops them from taking your money and never replying? Besides, if you do contact them and receive the Cryptes decryptor, you are highly likely to be a target for future attacks.

Therefore, do not give in to the hackers' threats and remove Cryptes ransomware from your computer. To ensure proper elimination, use Reimage, Plumbytes Anti-Malware or Norton Internet Security. Only then can you proceed with the file recovery procedure (note that an official decryptor for Cryptes ransomware does not exist yet, but you can get your data back from backups or by using third-party software).

Visit your Inbox with care – ransomware can be hidden inside malicious emails

People usually do not pay attention to dangers until the unfortunate events happen to them. That is precisely how it works with malware as well. Users are careless and tend to avoid anti-malware software due to costs or pure laziness. However, keep in mind that once files are encrypted by ransomware, the chance of getting them back is quite low, unless the official decryption tool is released (in some cases it might take researchers years to develop one).

To avoid such a scenario, make sure you follow these simple rules:

  • Spam emails are the most prominent malware distribution method. Therefore, think twice before viewing every email that comes your way. If needed, scan the attachment with anti-malware software and always hover over hyperlinks that might be present inside;
  • Employ reputable security tools. These applications are necessary for every computer user that uses the internet. An anti-virus program's database is continually updated, so malware can be blocked before it enters the machine;
  • Avoid malicious websites. Users can certainly be redirected to suspicious websites, but they should never click on links or pop-ups that appear there. Additionally, downloading executables (keygens, cracks) or cracked software from dubious file-sharing sites can lead to ransomware infection;
  • Back up your files. If you have that step complete, you do not need to worry about anything. However, make sure that you do not connect your external device to the infected computer, as all backup data will be encrypted as well.

Get rid of Cryptes ransomware by using powerful security tools

Cryptes ransomware removal should not be executed manually, as experts[3] note. This procedure is complicated and should only be practiced by trained IT professionals. If you proceed with it, you might damage your system files beyond repair. Therefore, leave the job to anti-malware software instead. Before performing the scan, make sure that the latest virus database is being used.

In some cases, the malware might block the correct operation of the security suite. In such a case, enter Safe mode with networking as explained below. As soon as you remove Cryptes virus, you can proceed with file recovery – you can find instructions below. Nevertheless, if you do not possess a backup, the chance of retrieving data is quite low.


To remove Cryptes virus, follow these steps:

Remove Cryptes using Safe Mode with Networking

If .cryptes ransomware is blocking your anti-virus program, enter Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Cryptes

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Cryptes removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Cryptes using System Restore

Disable malware using System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point dated before the infiltration of Cryptes. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Cryptes removal is performed successfully.
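
An added example (not part of the original guide): a read-only Python survey that counts files carrying the .cryptes extension, lists the folders holding the HOW TO DECRYPT ALL MY FILES.txt note, and reports the oldest encrypted file's timestamp as a guide for choosing a restore point that predates the infection. It assumes the extension is appended to the original file name and that the malware did not reset modification times; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".cryptes"                       # extension named in the guide
RANSOM_NOTE = "HOW TO DECRYPT ALL MY FILES.txt"  # note file named in the guide

def survey(root):
    """Read-only walk of root that summarises Cryptes artefacts."""
    rep = {"encrypted": 0, "note_dirs": [], "by_type": Counter(), "earliest": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                rep["note_dirs"].append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                rep["encrypted"] += 1
                # "photo.jpg.cryptes" -> ".jpg": the file type that was locked
                rep["by_type"][os.path.splitext(lower[:-len(ENCRYPTED_EXT)])[1]] += 1
                try:
                    mtime = os.path.getmtime(os.path.join(dirpath, name))
                except OSError:
                    continue  # unreadable entry: counted, but no timestamp
                if rep["earliest"] is None or mtime < rep["earliest"]:
                    rep["earliest"] = mtime
    return rep

def restore_cutoff(rep):
    """UTC time of the oldest encrypted file; pick a restore point before it."""
    ts = rep["earliest"]
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)

def build_sample_tree(root):
    """Constructed sample data: two folders hit at known times, one untouched."""
    layout = {"Docs": [("report.doc.cryptes", 1532900000), (RANSOM_NOTE, 1532900300)],
              "Pics": [("a.jpg.cryptes", 1532900100), ("b.jpg.cryptes", 1532900200),
                       (RANSOM_NOTE, 1532900300)], "Clean": [("notes.txt", 1500000000)]}
    for folder, entries in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, mtime in entries:
            path = os.path.join(root, folder, name)
            open(path, "w").close()
            os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = survey(tmp)
        print(rep["encrypted"], dict(rep["by_type"]), restore_cutoff(rep))
```

For a real survey, call survey() on a user profile or data drive instead of the sample tree; the per-type counts also show which backups matter most.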

Bonus: Recover your data

The guide presented above is supposed to help you remove Cryptes from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Although crooks might ask as little as $25 for file recovery, it is not worth taking the risk. By contacting them, you put yourself in danger of other malware infections (it is not unheard of for crooks to send fake decryptors that are malicious) and might lose the money as well. Thus, try alternative data recovery methods instead.

If your files are encrypted by Cryptes, you can use several methods to restore them:

Try Data Recovery Pro

This application is a powerful tool that allows users to restore files that have been damaged or accidentally deleted. However, security researchers noted that it can help ransomware victims as well.

Make use of Windows Previous Version feature

This method will only work if you had Windows Restore function enabled before ransomware struck.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer could recover your files

In some rare cases, ransomware fails to eliminate Shadow Volume Copies. ShadowExplorer would help you to restore all files in such a scenario.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No official decryptor is available yet

Finally, you should always think about protection against crypto-ransomware. To protect your computer from Cryptes and other ransomware, use a reputable anti-spyware program, such as Reimage, Malwarebytes, Plumbytes Anti-Malware or Norton Internet Security.

About the author

Lucia Danes - Virus researcher
