CrazyCrypt Ransomware Removal Guide

Do you know what CrazyCrypt Ransomware is?

CrazyCrypt Ransomware is one crazy threat indeed. It is targeted at Windows operating systems, of course, and it is likely to use existing security backdoors to slither in. Such backdoors might be exposed via your email inbox or using remote access systems. Overall, cyber criminals know how to exploit every single security vulnerability they can discover, and so you are not safe until you secure your entire operating system, which we strongly recommend doing with the help of anti-malware software. If you are ready to install it, make sure you choose the right software because there are plenty of inadequate tools, and cyber criminals have also created a ton of fake security programs and rogues to scam Windows users further. Hopefully, if you secure your system in time, you will not need to worry about deleting CrazyCrypt Ransomware. If that is an issue you are currently dealing with, your files must be encrypted too.

What is file encryption? That is a process that, originally, was created to help people secure their personal data. Encryption is used in most services that you use today, and so it is not this evil thing that was designed by cyber criminals. Unfortunately, just like with everything else, they have managed to exploit something that is beneficial to serve their needs. Now, they use encryption algorithms to encrypt personal files stored on the affected operating system. Once the file is encrypted, its data is changed to ensure that no one else can read it. Basically, the attacker takes your files hostage in the hopes of making you pay a humongous ransom. In fact, we do not really know how much the attackers behind CrazyCrypt Ransomware want from their victims, and that is because the exact sum of the ransom is not revealed right away. The attackers want you to email them first. As soon as your personal files are encrypted by the infection, a window is launched on your screen. In our case, it was entitled “CrazyCrypt 2.1,” which suggests that there might be at least one other version of this threat. Unfortunately, the window cannot be closed, but you can get rid of it by restarting your computer. Do that now.CrazyCrypt Ransomware Removal GuideCrazyCrypt Ransomware screenshot
Scroll down for full removal instructions

The message delivered via the window launched by CrazyCrypt Ransomware indicates that victims only have 72 hours to contact the attackers using crazycrypt@bk.ru email address and pay the ransom. You do not see the same timer if you open “FILES ENCRYPTED.txt” (on the Desktop), but the message inside this file mentions the same email address. There’s one more email address that we need to look into, and that is crazydecrypt@horsefucker.org. According to our research team, it is shown briefly when the infection starts, but it is permanently appended to the encrypted files. You should be able to see it in the monstrous extension that is attached to all corrupted files: “.id.[ID number].[crazydecrypt@horsefucker.org].crazy.” Note that there is no point in removing this extension because that has nothing to do with the data of your files. Unfortunately, it is highly unlikely that attackers would decrypt your files even if you communicated with them and then paid the ransom. At the time of analysis, a free decryptor did not exist either, but our researchers indicate that a CrazyCrypt Ransomware decryptor could be made public soon. Keep an eye out for that.

We have no doubt that you understand just how important it is to remove CrazyCrypt Ransomware from your operating system. Even though that will not automatically restore your files, this infection is dangerous, and you must delete it immediately. As for the decryption of files, at this time, there is no sure way to restore data, but maybe a free decryptor will become available soon. Who knows? Unfortunately, in most cases, decryptors never emerge, and that is why backing up files is crucial. If your files are backed up now, you can replace the corrupted files with backup copies as soon as you delete CrazyCrypt Ransomware. Eliminating the threat manually is a difficult task, but you can rely on a legitimate anti-malware application to handle it automatically.

Delete CrazyCrypt Ransomware

  1. Restart the computer to disable the screen-locking window.
  2. Go to the Desktop and Delete the file named FILES ENCRYPTED.txt.
  3. Find and Delete the [unknown name].exe file that launched the infection.
  4. Launch RUN (tap Win+R) and enter regedit.exe into the dialog box.
  5. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
  6. Delete the value named ConsentPromptBehaviorAdmin.
  7. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Systemm.
  8. Delete the values named ConsentPromptBehaviorUser and EnableLUA.
  9. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.
  10. Delete the values named DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableOnAccessProtection, and DisableScanOnRealtimeEnable.
  11. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  12. Delete the value named DisableAntiSpyware.
  13. Perform a full system scan to check if you have managed to delete everything.

In non-techie terms:

CrazyCrypt Ransomware is a truly despicable infection that preys upon gullible Windows users with unguarded operating systems. Once a target is selected, the infection encrypts files, which means that it changes files’ data to render them unreadable. According to the attackers, this is not a permanent situation, and files can be restored as soon as a ransom is paid. To learn more about the ransom, victims are urged to email one of the two email addresses that are revealed via ransom notes and extensions appended to the corrupted files. If you email the attacker, they will push you to pay a ransom, and there is no point in doing that. This is all a scam to make you give up your savings. The only thing we recommend focusing on is the removal of CrazyCrypt Ransomware, and although you have the option of removing the threat manually, we strongly encourage relying on anti-malware software to clear your operating system.