I wrote this article to help you remove CryptConsole Ransomware. This CryptConsole Ransomware removal guide works for all Windows versions.
CryptConsole is a ransomware. Or, at least, it pretends to be one. It is trying to pass as a variant of the dreaded Globe infection as it shares some similarities with it. For instance, both parasites use the same ransom note. However, unlike Globe, which actually encrypts your data, CryptConsole only pretends to encrypt it. In a way, you have been lucky to have fallen victim to CryptConsole and not a real ransomware threat.
All that CryptConsole does is renaming your files in an attempt to make you think they are locked. But they aren’t. There is no encryption. The pest relies on the horrible reputation ransomware pieces have. But that is it. Your files are intact. They are only renamed to unCrypteemail@example.com_[original file name] but they ARE still accessible. You can open each picture, file, video, or document even though they have brand new names and extensions.
Usually, seeing an extension like this means that your files have been effectively locked. But not this time. All of this is a scam. The fake ransomware is trying to get to your money. Money is and has always been crooks` main goal. However, this “ransomware`s” authors decided not to put too much effort in their work. They`ve decided to play games with you. That`s why, after all of your files get renamed, the parasite drops a ransom note on your desktop – HOW TO DECRYPT YOUR FILES. According to the note, the only way of recovering your data is by obtaining a decryption tool. The tool, of course, doesn’t come for free. You have to pay a ransom.
The note also provides two email addresses which you are supposed to use to contact the cybercriminals so they can give you detailed payment instructions. The ransom demanded is 0.2 Bitcoins ($184) and if you pay, you get a decrypter. But what for? Your files are perfectly fine except for their new names. Don’t let crooks fool you. Stay away from these email addresses and whatever you do, do not get in touch with them. If you do, they will try to convince you that your data is being held hostage and that if you don’t comply, it will stay that way. This may be the case with other ransomware infections, but it is not the case with CryptConsole. This pest is trying to scam you with imaginary encryption. Maybe, there are people who are careless enough not to actually check if their files are locked and pay the ransom right away. Don’t be one of these people.
There is absolutely no reason for you to panic. There is no need to give your money to crooks and encouraging them. You know that they will use everything for nothing but more malware creation. Not to mention that by paying them, you are putting your personal information at risk. All you have to do is remove the fake ransomware from your machine. Use our easy-to-follow removal guide at the end of this article and get rid of this nasty phony parasite.
You are probably also wondering how you got stuck with this lying pest. Well, one of the most effective entering tactics involves spam email messages. Sometimes, an infection lands directly into your regular inbox posing as a legitimate message. It may be disguised as a shipping invoice or a job application. It gets send to your inbox and you do the rest by being careless. Do not open emails from unknown senders and do not download their attachments.
More often than not, these emails deliver malware. And next time you may get infected with an actual file-encrypting parasite. Delete all messages which look suspicion and which you don’t know the sender of. Be more cautious online. What infections need the most is your negligence. Without it, they cannot succeed. And we don’t only mean with spam emails. There are other techniques as well. For example, a ransomware can pose as a fake program update. It can use the help of a Trojan to enter. It can hide behind corrupted pages/links/torrents or bundled software. The methods are many. That’s why is crucial that you do your due vigilance. Don’t make yourself an even easier target.
CryptConsole Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, CryptConsole Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose at least a month ago date from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next“
- Choose a restore point, at least a month ago
- Click “Next“
- Choose Disk C: (should be selected by default)
- Click “Next“. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since CryptConsole Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs: