
Remove Cryptes ransomware (Removal Guide) - Decryption Methods Included

By Lucia Danes | Type: Ransomware

Cryptes ransomware – a cryptovirus that holds files hostage and demands payment in Bitcoin for their release


Cryptes ransomware is a file-locking virus that first showed up at the end of July 2018 (July 25th). As a variant of DCRTR ransomware, it uses a combination of AES, SHA,[1] and RSA to lock up files and appends the .cryptes extension to them. As soon as the encryption process is finished, a ransom note named HOW TO DECRYPT ALL MY FILES.txt is downloaded to the victim's computer and placed into each of the affected folders. Users can open the file and see that hackers demand an unknown amount of Bitcoin for data release. To find out the price and receive further instructions, users need to contact Cryptes ransomware authors via

Name: Cryptes
Type: Ransomware
Encryption algorithm: AES, SHA, RSA
Extension: .cryptes
A variant of: DCRTR ransomware
Distribution: Spam emails, unprotected RDP, malicious websites, etc.
Symptoms: Unusable files
Elimination: Use automatic removal method – choose Reimage Intego or Malwarebytes

Cryptes ransomware typically infiltrates users' machines when they are not careful enough while surfing the internet or opening emails from unknown sources. Hackers often use phishing emails and high-risk websites (such as file-sharing and torrent sites) to make sure that the virus gets distributed. Thus, if you do not take high risks, you will never have to worry about Cryptes ransomware removal.

As soon as the malicious payload of Cryptes is executed, the malware modifies the system's settings and starts a scan. It looks for data to encrypt and skips system files, executables, and a few other files. Hackers do not want to destroy your computer; they just want to extort money. That is why the virus skips system files – the machine needs to operate correctly.

However, every personal file (.jpg, .doc, .dat, .img, .pdf, etc.) is systematically locked and the .cryptes extension is added. From that point, users cannot access their files anymore. Note that the data is not corrupted in any way; it simply requires a decryption key, which is stored on a Command and Control server that only the malware authors have access to.

Users are informed of what happened in a ransom note, HOW TO DECRYPT ALL MY FILES.txt, which becomes available for victims to view. It is unknown what amount Cryptes ransomware authors want, but they most certainly want Bitcoins – a digital currency. This way, they can stay anonymous during the transaction, as a personal bank account is easily traceable. Although Bitcoin wallets are pseudonymous rather than anonymous, cybercrooks manage to bypass traceability by using various tools, such as VPNs and proxies.[2]

Here's the fragment from the ransom note:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail:
In case of no answer in 24 hours write us to theese e-mails: or
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. 
Free decryption as guarantee

As “proof”, cybercriminals promise to decrypt five files (up to 10MB) for free. Ironically, they even warn victims of being scammed by other parties.

Cryptes is a file-locking virus that demands ransom to be paid for file release

However, it is unwise to contact crooks, as these people cannot be trusted. Just think about it – if they managed to lock up your files to gain illegal profit, what prevents them from taking your money and never replying? Besides, if you do contact them and receive the Cryptes decryptor, you are highly likely to be a target for future attacks.

Therefore, do not give in to the hackers' menace and remove Cryptes ransomware from your computer. To ensure proper elimination, use Reimage Intego or Malwarebytes. Only then can you proceed with the file recovery procedure (note that an official decryptor for Cryptes ransomware does not exist yet, but you can get your data back from backups or by using third-party software).

Visit your Inbox with care – ransomware can be hidden inside malicious emails

People usually do not pay attention to dangers until the unfortunate events happen to them. That is precisely how it works with malware as well. Users are careless and tend to avoid anti-malware software due to costs or pure laziness. However, keep in mind that once files are encrypted by ransomware, the chance of getting them back is quite low, unless the official decryption tool is released (in some cases it might take researchers years to develop one).

To avoid such a scenario, make sure you follow these simple rules:

  • Spam emails are the most prominent malware distribution method. Therefore, think twice before viewing every email that comes your way. If needed, scan the attachment with anti-malware software and always hover over hyperlinks that might be present inside;
  • Employ reputable security tools. These applications are necessary for every computer user that uses the internet. An anti-virus program's database is continually updated, so malware can be blocked before it enters the machine;
  • Avoid malicious websites. Users may be redirected to suspicious websites, but they should never click on links or pop-ups that appear there. Additionally, downloading executables (keygens, cracks) or cracked software from dubious file-sharing sites can lead to ransomware infection;
  • Back up your files. If you have that step complete, you do not need to worry about anything. However, make sure that you do not connect your external device to the infected computer, as all backup data will be encrypted as well.

Get rid of Cryptes ransomware by using powerful security tools

Cryptes ransomware removal should not be executed manually, as experts[3] note. This procedure is complicated and should only be practiced by trained IT professionals. If you proceed with it, you might damage your system files beyond repair. Therefore, leave the job to anti-malware software instead. Before performing the scan, make sure that the latest virus database is being used.

In some cases, the malware might block the correct operation of the security suite. In such a case, enter Safe Mode with Networking as explained below. As soon as you remove the Cryptes virus, you can proceed with file recovery – you can find instructions below. Nevertheless, if you do not possess a backup, the chance of retrieving data is quite low.


To remove Cryptes virus, follow these steps:

Remove Cryptes using Safe Mode with Networking

If .cryptes ransomware is blocking your anti-virus program, enter Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Cryptes

    Log in to your infected account and start the browser. Download Reimage Intego or another legitimate anti-spyware program. Update it before a full system scan and remove the malicious files that belong to the ransomware to complete Cryptes removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove Cryptes using System Restore

Disable malware using System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of Cryptes. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage Intego, scan your computer with it, and make sure that Cryptes removal is performed successfully.
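
Choosing a restore point or backup that predates the infection is easier when you know which folders were hit and roughly when encryption began. The following is an added example, not part of the original guide: a read-only Python 3 script that inventories files carrying the .cryptes extension and folders holding the ransom note named above, and reports the earliest timestamp among them. The function names are hypothetical, and it assumes Python is available, for instance on a clean machine with the affected disk attached.

```python
import os
import sys
from datetime import datetime, timezone

ENCRYPTED_EXT = ".cryptes"                       # extension named in this guide
RANSOM_NOTE = "HOW TO DECRYPT ALL MY FILES.txt"  # note name from this guide


def scope_damage(root):
    """Walk `root` without modifying anything and summarise Cryptes artefacts.

    Returns the encrypted files, the folders that hold a ransom note, and
    the earliest modification time (UTC) seen on any of those artefacts.
    """
    encrypted, note_dirs, earliest = [], [], None
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()   # Windows file names are case-insensitive
            is_note = lowered == RANSOM_NOTE.lower()
            is_locked = lowered.endswith(ENCRYPTED_EXT)
            if not (is_note or is_locked):
                continue
            path = os.path.join(folder, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:          # unreadable entry: skip it, keep scanning
                continue
            (note_dirs if is_note else encrypted).append(folder if is_note else path)
            if earliest is None or mtime < earliest:
                earliest = mtime
    first_seen = (datetime.fromtimestamp(earliest, tz=timezone.utc)
                  if earliest is not None else None)
    return {"encrypted": sorted(encrypted),
            "note_dirs": sorted(note_dirs),
            "first_seen_utc": first_seen}


def original_name(path):
    """Name the file had before the extension was appended."""
    if path.lower().endswith(ENCRYPTED_EXT):
        return path[:-len(ENCRYPTED_EXT)]
    return path


if __name__ == "__main__":
    report = scope_damage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(report["encrypted"]), "encrypted files;",
          len(report["note_dirs"]), "folders with a ransom note")
    print("earliest artefact timestamp (UTC):", report["first_seen_utc"])
```

File timestamps are only an approximation of when encryption started, so pick a restore point or backup comfortably older than the reported time.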

Bonus: Recover your data

The guide presented above is supposed to help you remove Cryptes from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Although crooks might ask as little as $25 for file recovery, it is not worth taking the risk. By contacting them, you put yourself in danger of other malware infections (it is not unheard of for crooks to send fake decryptors that are malicious) and might lose the money as well. Thus, try alternative data recovery methods instead.

If your files are encrypted by Cryptes, you can use several methods to restore them:

Try Data Recovery Pro

This application is a powerful tool that allows users to restore files that have been damaged or accidentally deleted. However, security researchers noted that it can help ransomware victims as well.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Cryptes ransomware;
  • Restore them.

Make use of Windows Previous Version feature

This method will only work if you had the Windows System Restore function enabled before the ransomware struck.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer could recover your files

In some rare cases, ransomware fails to eliminate Volume Shadow Copies. ShadowExplorer would help you restore all files in such a scenario.

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No official decryptor is available yet

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Cryptes and other ransomware, use a reputable anti-spyware program, such as Reimage Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.


Back up files for later use in case of a malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project, you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author: Lucia Danes - Virus researcher
