Did you find your files encrypted? Don’t panic! This is a full tutorial on how to decrypt .crjoker files and how to remove CryptoJoker ransomware.
If you see any sign of this malware, eradicate CryptoJoker immediately. It is one of many similar trojan-ransomware infections of recent months that could cost you much time, trouble, data and cash. After breaching your operating system, the virus sets up communication with the hacker’s server, encrypts all personal files and then demands a fee to provide the key to access them again. While a few ransomware codes have been cracked by specialists, this one remains unsolved, so the only solution if infected is to remove CryptoJoker – preferably before it has finished its dirty work – and try to recover your files from copies that may remain in your system. Another potential danger of infection is the passing of personal and financial data to the control server, with identity theft as the result. If you do have an external back-up, then wiping your hard drive and re-installing files is the easiest option. As this virus takes control of browsing, it can prevent access to certain help pages, and in some cases it not only evades weak security programs but also disables them. When you have uninstalled CryptoJoker, it is necessary to understand how the system became infected, and how to prevent this happening again…
How CryptoJoker enters a system
There are a number of ways that this type of parasite can enter, though each new malware seems to have a favorite way to distribute itself (this very much depends on the form of attack determined by the developers). With CryptoJoker, the route most reported to date is a PDF file distributed via an unsolicited e-mail. These can often be disguised (sometimes very convincingly) as a communication from a government office that usually implies you may have some finances to receive and invites you to open the attachment to action this. Other phishing lures (e-mail deceptions) noted by users are offers of free game software or, as experienced in Australia, a legitimate-looking e-mail offering the reader the chance to upgrade their system to Windows 10. Other ways to deceive a user or catch them off guard are: trojans buried in freeware bundles that execute on installation; intrusion by exploiting browser vulnerabilities on compromised or dubious sites and blogs; bundling with torrent downloads; fake pop-ups for freeware updates; conventional hacking through an unsecured network. It is important to remember that all of these infection routes are preventable with good practice and efficient software.
What to do if infected with CryptoJoker
Infections can often be overlooked by out-of-date software. There are some signs you can spot yourself: slower browsing, perhaps with redirection or interference; slower processing speeds when you run familiar applications; the system and screen freezing momentarily at random; increased pop-up ads; unprompted internet connections being established. The sooner you detect CryptoJoker, the easier cleaning up the problems will be. First disconnect all internet and network connections, wired and wireless, to disrupt its communication. Check your files to make sure they still have familiar extensions and back these up to a flash drive or similar. Automatic removal can be done by installing strong anti-virus software that knows this particular villain, or you can go about removing CryptoJoker manually using Safe Mode (see below). If you have a back-up, wipe the disk and re-install files. Remember that this virus will have roots in your browser, so reset this to default and remove any unrecognized plug-ins. To be sure that all malware extensions are removed, download Microsoft’s Malicious Software Removal tool (preferably with another computer and transfer by flash). This program is included in some system Service Packs, or is free from windows.microsoft.com. After clearing CryptoJoker from the system, next comes attempted recovery of any encrypted files; this can be done by looking in Previous Copies of files manually, or with the help of programs like R-Studio or Photorec. If this doesn’t work, try Shadow Volume Copies using Shadow Explorer, which can also be downloaded from the Microsoft site. Ransomware often tries to delete shadow volumes, though with varying degrees of success, so it is worth searching there as a last resort.
How to Decrypt CryptoJoker Encrypted Files (.crjoker files)
Method 1: Restore your files encrypted by CryptoJoker using ShadowExplorer
Usually, CryptoJoker deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
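Before working through ShadowExplorer, it helps to know whether any shadow copy survived and which ones are older than the encryption. The script below is an added example, not part of the original tutorial: it inventories .crjoker files and lists the remaining shadow copies via the Win32_ShadowCopy class. The `$Root` default and the use of the earliest .crjoker write time as the start of encryption are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: triage before opening ShadowExplorer. Save as a .ps1 file
# and run it from an elevated PowerShell prompt.
param(
    [string]$Root = $env:USERPROFILE,   # assumption: search the user profile first
    [string]$Extension = '.crjoker'     # extension named in this tutorial
)

# 1. Inventory the encrypted files.
$encrypted = @(Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq $Extension })

if ($encrypted.Count -eq 0) {
    Write-Output "No $Extension files found under $Root."
    return
}

# Assumption: the oldest write time on a .crjoker file marks when encryption began.
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
Write-Output "$($encrypted.Count) encrypted files; earliest written $firstHit"

# Folders with the most encrypted files: these are the ones to browse to first.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 2. List the shadow copies that still exist.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies remain; go on to Method 2 or Method 3.'
    return
}

# A snapshot is only useful if it was taken before the first file was encrypted.
$shadows | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Created            = $_.InstallDate
        Volume             = $_.VolumeName
        PredatesEncryption = $_.InstallDate -lt $firstHit
        DeviceObject       = $_.DeviceObject
    }
} | Format-Table -AutoSize
```

In ShadowExplorer's date field, pick a snapshot whose `PredatesEncryption` column is True.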
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point, at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files encrypted by CryptoJoker ransomware using File Recovery Software
If none of the above methods works, you should try to recover encrypted files by using file recovery software. Since CryptoJoker first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free File Recovery Software programs:
Preventing CryptoJoker
- Install an advanced anti-virus/malware program that has regular updates;
- Update your browser. Set its threat warnings to the maximum level;
- Always use Advanced/Custom installation options for freeware;
- Don’t open dubious files, e-mails or pop-up offers;
- Secure – or disable – RDP;
- Secure networks for access only to Authenticated Users;
- Research Software Restriction Policies. They block executable files from running when located in specific paths (for instructions see the Microsoft website).
So: perform regular back-ups; operate safely with hygienic browsing, and add an extra layer of security – get some good A/V software – and let’s wipe the smile from these Jokers’ faces!