Severity scale: 98/100

Kraken Cryptor. How to remove? (Uninstall guide)

Removal guide by Julie Splinters | Type: Ransomware

Kraken Cryptor – ransomware which belongs to the Kraken virus category

Kraken Cryptor is a ransomware[1] virus that belongs to the Kraken ransomware family, which first launched last year. Once the Kraken Cryptor virus enters the system, it modifies the Windows Registry so that it can carry out its hazardous actions. After that, the infection starts spreading, and files are encrypted, with the .%8 numbers%-Lock.onion appendix added to each affected document. As soon as the data is locked, a ransom message named How to Decrypt Files.txt is dropped, which explains the file encryption procedure. The criminals urge victims to contact them via the onionhelp@memeware.net email address and pay 0.25 BTC to receive the decryption key for the locked files.

Name: Kraken Cryptor
Also known as: Kraken Cryptor 1.2
Related to: Kraken ransomware
Appendix: .%8 numbers%-Lock.onion
Ransom message: How to Decrypt Files.txt
Ransom amount: 0.25 BTC
Purpose: To encrypt files and demand a ransom in exchange for a decryption tool
Distribution: Spreads through spam emails and P2P networks
Prevent it: Use antivirus protection, do not open suspicious email attachments
Removal process: Get rid of the ransomware infection with Reimage

Malware Hunter Team noticed that the Kraken Cryptor 1.2 authors left an interesting comment in the malware's code. It contained the following: “When the researchers party hard, our parties harder!”. While it seems that the hackers have some sense of humor, a Kraken Cryptor infection is no joke for the affected users, as encrypted files cannot be decrypted.

You can also recognize this virus from other signs such as:

  • Files are encrypted with the .%8 numbers%-Lock.onion extension;
  • A ransom note named How to Decrypt Files.txt has been displayed;
  • Dubious registry entries have been created in the Windows Registry.
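
The first two signs can be checked across a whole folder tree with a read-only scan. The script below is an added example, not part of the original guide; it assumes that "%8 numbers%" means exactly eight digits, and the names scan and demo are hypothetical. The sample file names are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: "%8 numbers%" in the page's pattern means exactly eight digits.
# The leading dot is optional so a file renamed wholesale also matches.
LOCKED_RE = re.compile(r"(?:^|\.)\d{8}-Lock\.onion$", re.IGNORECASE)
NOTE_NAME = "how to decrypt files.txt"  # ransom note name given on the page


def scan(root):
    """Walk root; return (locked_files, ransom_notes, locked_count_per_dir)."""
    locked, notes, per_dir = [], [], Counter()
    # onerror swallows unreadable directories instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(full)
            elif LOCKED_RE.search(name):
                locked.append(full)
                per_dir[os.path.relpath(dirpath, root)] += 1
    return sorted(locked), sorted(notes), per_dir


def demo():
    """Run scan() over a constructed tree of empty files with sample names."""
    sample = {
        "Documents": ["report.docx.12345678-Lock.onion",
                      "How to Decrypt Files.txt", "notes.txt"],
        "Pictures": ["photo.jpg.00000001-Lock.onion",
                     "cat.png.1234-Lock.onion"],  # 4 digits: must not match
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, names in sample.items():
            os.makedirs(os.path.join(tmp, folder))
            for name in names:
                open(os.path.join(tmp, folder, name), "w").close()
        locked, notes, per_dir = scan(tmp)
        # Return names only; the temporary paths vanish with the directory
        return ([os.path.basename(p) for p in locked],
                [os.path.basename(p) for p in notes], dict(per_dir))


if __name__ == "__main__":
    locked, notes, per_dir = demo()
    print("locked files:", locked)
    print("ransom notes:", notes)
    print("locked per directory:", per_dir)
```

Calling scan() on a real profile folder gives a per-directory count that shows which locations need to be restored from backup.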

Here is how the ransom message begins:

– ALL YOUR FILES HAS BEEN ENCRYPTED BY “KRAKEN CRYPTOR”!

– READ THIS GUIDE BELOW TO RECOVERY YOUR FILES!

E-Mail        : onionhelp@memeware.net

Alternative : BM-2cWdhn4f5UyMvruDBGs5bK77NsCFALMJkR@bitmessage.ch

<…>

Hackers use the AES-128/256 cipher to encrypt personal files. To decrypt them, victims need to obtain a key that is generated individually for each person and therefore cannot be used on a different machine. The decryptor is stored on a remote C2 server that is accessible only to the Kraken Cryptor 1.2 developers.

However, do not rush to contact the criminals, as these people cannot be trusted. If you did not prepare a backup before Kraken Cryptor struck, you could try another option for file decryption. The third-party software we suggest can be found below this article.

Nevertheless, ransomware-type viruses may weaken the computer's security and clear the way for other infections. This is one of the main reasons why you need to remove the Kraken Cryptor virus from your computer as soon as you spot the first symptoms. For that, we suggest using Reimage or any other trustworthy anti-malware tool of your liking.

Kraken Cryptor removal should be performed before file recovery, because otherwise all the data will be encrypted again. Important: do not connect your external drive to the PC before the virus is eliminated!

Prevent ransomware infections by being attentive online

According to IT experts, users infect their computers with ransomware through suspicious email messages. Such spam is dropped straight into a victim's email inbox. The phishing email comes with a suspicious attachment or a cleverly hidden hyperlink. While some emails might look legitimate, do not get tricked by them. Ignore them and never open any attachments or click on links inside.

Additionally, you can get a ransomware infection from peer-to-peer networks[2] and file-sharing sites. These types of websites lack protection and are more likely to be hacked by criminals who can inject their malicious code using JavaScript or other methods. Do not forget that anti-virus software is one of the most important security measures and should not be neglected.

Make sure you get rid of Kraken Cryptor and all virus-related components

Even though manual elimination is not really possible in this case, you can perform the Kraken Cryptor removal by downloading and installing a professional anti-malware tool. We suggest using Reimage, Malwarebytes, Plumbytes Anti-Malware, or Norton Internet Security. Choose the program that suits you best.

You need to remove the Kraken Cryptor virus and get rid of all components that were injected while the malware was active. After you perform the automatic elimination, you can attempt to get your files back either from a backup or by using third-party software.

LesVirus.fr experts[3] recommend taking some precautionary measures for the future. Most importantly, you need to take care of valuable documents. It is advisable to store them on an external device such as a USB flash drive, or in iCloud.

To remove Kraken Cryptor, follow these steps:

Remove Kraken Cryptor using Safe Mode with Networking

Reboot your computer to Safe Mode with Networking to disable the virus:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Kraken Cryptor

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete the Kraken Cryptor removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Kraken Cryptor using System Restore

Follow these instructions to activate the System Restore feature:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that predates the infiltration of Kraken Cryptor. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it, and make sure that the Kraken Cryptor removal was performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Kraken Cryptor from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If you have been wondering how to get your encrypted documents back, we have provided some solutions for you. The methods below, if performed as described, might be helpful for data recovery.

If your files are encrypted by Kraken Cryptor, you can use several methods to restore them:

Use Data Recovery Pro to recover various corrupted data:

If your files were encrypted with a certain appendix that was added by the ransomware-type virus, this method might help you get important files back.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Kraken Cryptor ransomware;
  • Restore them.

Try the Windows Previous Versions feature if you want to restore some documents:

Note that this method might be helpful only if you took some precautionary measures before the cyber attack managed to infect your computer system. You should have activated the System Restore feature before the ransomware infection spread; otherwise, this method will not work.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.

Use Shadow Explorer and recover lost data:

This method might help you to get valuable files back if the ransomware infection did not destroy Shadow Volume Copies of affected documents.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk that holds your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

An official Kraken Cryptor decryptor has not been discovered yet.

About the author

Julie Splinters - Malware removal specialist

References