Remove CryptoJacky Ransomware

I wrote this article to help you remove CryptoJacky Ransomware. This CryptoJacky Ransomware removal guide works for all Windows versions.

A new win-locker is terrorizing PC users around the world. It is known as CryptoJacky ransomware and it usually announces itself to its victims in Spanish. It displays a message, which states that the victim’s computer has been used for illegal purposes and all files on it are now encrypted. The crooks demand a ransom of 250 EUR in Bitcoins. After a successful transaction, the victim is supposed to contact the hackers via the following email address: ransom_ph@mail2noble.com. Then the crooks will send the decryption key.

CryptoJacky ransomware can encrypt different kinds of files. Its most common targets are documents, archives, videos and pictures. The virus won’t encrypt files essential for your OS. Your computer will be completely functional, but you won’t be able to access any files on it. You will still be able to see the icons of your pictures and videos, but you won’t be able to open them. Now, you must be wondering how this happened. Once on board, CryptoJacky ransomware scans your system. Then it encrypts all detected files with the strong AES encryption algorithm. All this happens in the background, so the user does not notice it until it’s too late. Judging by the methodology this virus employs, we can say that CryptoJacky is a classic ransomware program.

When all your data is encrypted, CryptoJacky ransomware will reveal itself and state its demands. The sinister program displays two windows in the form of error messages. They are titled “rescate de archivos-información” and “rescate de archivos-instrucciones”. They contain information about the ransomware and step-by-step payment instructions. The instructions are very clear and easy to follow, but you should not follow them. There is no way you can win a game with hackers. Keep reading to find more information about the virus.

We do not recommend paying the ransom. There is no guarantee that the hackers behind CryptoJacky will send you a working key, if they send you anything at all. The instructions state that the victim must contact the hackers after a successful Bitcoin transaction. Put simply: you pay, contact the crooks and wait for them to contact you back. But what if they don’t? You cannot ask for a refund. This is why cyber criminals use Bitcoins. This currency is completely untraceable. Even authorities won’t be able to help you.

Even if the hackers send you a working decryption key, the ransomware will remain on your device. It can re-encrypt your files. How many times are you willing to pay for your files? There are cases where the victim paid the ransom and decrypted their files only to have them re-encrypted mere hours later. Before you do anything, you need to remove the virus. Otherwise, you risk re-encrypting files or spreading the virus to your other devices.

All this aside, perhaps there is no need to pay the ransom. If you have a system backup, you can restore your files from it. It is important, however, to delete the infection first. As we already mentioned, such actions do not remove the clandestine program from your computer. Use a trustworthy anti-virus utility to scan your system and remove the parasite. You can use our removal guide which you can find after this article.

CryptoJacky ransomware uses basic distribution methods. Spam emails and fake program updates are the most common. To prevent ransomware infection, you should be extremely careful. A push-up email can execute a virus download, so don’t open emails from unknown senders. Be careful if you see an update alert. It is possible that the “update” you are about to download is, in fact, a virus. Crooks tend to create ads that look like update notifications from popular software vendors. If the user is not cautious, they may infect their machines with dangerous parasites.

File-sharing networks and social media can be used to distribute CryptoJacky ransomware. Those web services are an irreplaceable part of our lives. We are so used to them that we don’t pay attention to what we do online. Blindly following links is very dangerous, even if you received them in a message from a friend. Remember that no one is immune to viruses. If your friend’s machine got infected, it could be used to distribute parasites. It is possible to receive a compromised link from a person whose computer is clean. This happens when the hackers attack a platform, rather than a computer. Therefore, if you receive a link without explanation, ask your friends about it.

CryptoJacky Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, CryptoJacky Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies, so your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select the C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file
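
Before installing anything, you can check whether any shadow copies survived at all. The script below is an added example, not part of the original guide or of ShadowExplorer; it uses the standard Win32_ShadowCopy and Win32_Volume WMI classes, must be saved as a .ps1 file and run from an elevated PowerShell prompt, and its parameter names ($Drive, $CutoffDays) and function name are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: list the shadow copies that still exist for one drive, oldest first,
# and flag those older than the "at least a month ago" rule used in step 4.
param(
    [string]$Drive = 'C:',      # assumed default: the drive selected in step 3
    [int]$CutoffDays = 30       # assumed value for "at least a month ago"
)

function Get-SurvivingShadowCopy {
    param([string]$Drive, [int]$CutoffDays)

    # Win32_ShadowCopy records the volume GUID path, not the drive letter,
    # so resolve the letter to its volume first.
    $volume = Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DriveLetter -eq $Drive }
    if (-not $volume) { throw "No volume found for drive $Drive" }

    $cutoff = (Get-Date).AddDays(-$CutoffDays)

    Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        Sort-Object InstallDate |
        Select-Object ID, InstallDate, DeviceObject,
            @{ Name = 'OlderThanCutoff'; Expression = { $_.InstallDate -lt $cutoff } }
}

$copies = @(Get-SurvivingShadowCopy -Drive $Drive -CutoffDays $CutoffDays)

if ($copies.Count -eq 0) {
    # Nothing left to browse in ShadowExplorer for this drive.
    Write-Output "No shadow copies remain for $Drive. Continue with Method 2 or Method 3."
} else {
    $copies | Format-Table -AutoSize
    $old = @($copies | Where-Object { $_.OlderThanCutoff })
    Write-Output ("{0} shadow copies found, {1} older than {2} days." -f `
        $copies.Count, $old.Count, $CutoffDays)
}
```

If the list is empty, ShadowExplorer will have nothing to export from that drive.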

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover encrypted files by using File Recovery Software. Since CryptoJacky Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
