Remove Cry128 Ransomware

I wrote this article to help you remove Cry128 Ransomware. This Cry128 Ransomware removal guide works for all Windows versions.

The dubious ransomware business has proven itself so lucrative that newer and newer pieces are being developed every single day. One of the most recently created ransomware threats is Cry128 (a member of the CrypON family), which has been on the malware stage since April this year. As a classic ransomware, Cry128 does exactly what all members of this family do. It sneaks into your machine in complete silence, encrypts your valuable files and then demands money for their release. It goes without saying that this pest has no place on your machine. Having it on board doesn’t only mean losing your data. It also means that your privacy is in danger. What you must do is remove the infection as soon as possible. Letting it be will only make things worse. Don’t procrastinate; take measures now.

As we said, Cry128 slithers in undetected. But how? This ransomware relies on the help of a Trojan horse to enter. Trojans often serve as backdoors to other infections, especially to ransomware pieces. Once you are infected, the Trojan enables remote desktop control and hackers take the wheel from there by forcing the ransomware onto your machine. The cybercriminals use huge spam email campaigns to distribute their threats. An infection can be sent directly to your inbox, disguised as a legitimate email, and if you are not careful and open the message, you invite this infection on board. Do not open emails from people you don’t know. If the message claims that it is from a company, check to see if the email address matches first. If not, delete the email immediately. It is very important that you are careful when you are online. Crooks prey on your haste, distraction, and carelessness. Other tactics for spreading malware are freeware bundles, malicious ads/torrents/pages, fake updates, unverified download sources, etc. Do your due diligence and keep yourself and your computer safe.


Once on your PC, the first thing Cry128 does is scan your machine to find all of your important data. The infection is able to target more than 90 file types. When it locates them, it encrypts everything using the AES-128 encryption algorithm. The pest also relies on the RSA-1024 algorithm to secure the decryption key which unlocks your data. So, most of your files are now being kept hostage by the virus: your pictures, videos, music, documents, presentations, etc. You have no access to any of them. You cannot open them, edit them, watch them or listen to them. Nothing. All you are left with are their empty renamed icons. Yes, the ransomware changes the names of your files by adding one of these four extensions: “.fgb45ft3pqamyji7.onion.to._”, “.id__gebdp3k7bolalnd4.onion._”, “.id__2irbar3mjvbap6gt.onion.to._”, “.id-_[qg6m5wo7h3id55ym.onion.to].63vc4”. Seeing one of these appended to your files means that the file-locking process is finished and all of your data is encrypted. After the encryption, Cry128 drops its ransom note. However, this pest’s note is not as standard as others.

For instance, the exact ransom sum which the crooks demand is not stated in the note. Instead, there are URL addresses where the victim can find it. Of course, according to the note, once you pay the ransom, the crooks will send you the decryptor to free your data. Allegedly. It goes without saying that there are no guarantees that these cybercriminals will actually deliver. All they care about is money. Your data is their last concern. That’s why experts advise against payment. There is a big chance that you won’t receive the tool you paid for, and even if you do, you still lose. The decryptor only removes the encryption, not the infection. This means that your newly recovered files can be re-encrypted hours after freeing them. Do the right thing. Don’t give these hackers any money and don’t help them expand their business. Moreover, do not grant them access to your privacy as, by paying, this is exactly what you are doing. Instead, use our detailed removal guide below and get rid of Cry128 once and for all.

Cry128 Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Cry128 Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first attempt should be to restore the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select the C: drive in the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file
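
To find which folders hold renamed files before exporting from a shadow copy, the following added example (not code from this article) walks a directory tree and reports each file carrying one of the four extensions quoted above, together with its original name. It assumes the text between ".id" and the onion host label may vary, so it matches on the host label; the sample file names in `demo()` are constructed from the extensions as printed.

```python
import os
import re
import tempfile

# Onion host labels taken from the four extensions quoted in the article.
HOSTS = ("fgb45ft3pqamyji7", "gebdp3k7bolalnd4",
         "2irbar3mjvbap6gt", "qg6m5wo7h3id55ym")

# Assumption: anything between ".id" and the host label may vary,
# so match on the host label instead of the literal suffix.
RENAMED = re.compile(
    r"^(?P<orig>.+?)\.(?:id[-_].*?)?\[?(?P<host>" + "|".join(HOSTS) + r")\.onion",
    re.IGNORECASE,
)


def classify(filename):
    """Return (original_name, host) for a renamed file, else None."""
    m = RENAMED.match(filename)
    return (m.group("orig"), m.group("host").lower()) if m else None


def scan(root):
    """Walk root and list (path, original_name, host) for renamed files."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            found = classify(name)
            if found:
                hits.append((os.path.join(folder, name), *found))
    return sorted(hits)


def demo():
    """Constructed sample tree: three renamed files and one untouched file."""
    names = ["photo.jpg.fgb45ft3pqamyji7.onion.to._",
             "doc.docx.id__gebdp3k7bolalnd4.onion._",
             "report.xls.id-_[qg6m5wo7h3id55ym.onion.to].63vc4",
             "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return [(orig, host) for _path, orig, host in scan(root)]


if __name__ == "__main__":
    for orig, host in demo():
        print(f"{orig}  (marker: {host}.onion)")
```

Call `scan()` on a real folder such as a user profile directory to get the full paths; the script only reads file names and changes nothing on disk.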

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If neither of the above methods works, you should try to recover the encrypted files using file recovery software. Since Cry128 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
