C4H Ransomware Removal Guide

Do you know what C4H Ransomware is?

C4H Ransomware is a file-encryptor, but this infection was not created to corrupt your files for fun. Your files are encrypted so that cybercriminals behind it could extort money from you. When it attacks and corrupts all files, you are quickly introduced to a message, according to which, all files are recoverable with a decryptor offered by the attackers. Isn’t that convenient? The ugly truth is that even though the attackers will accept your money gladly, they are unlikely to give you anything that could help recover your personal files. Luckily, this malware is a new variant of an old infection, Globeimposter Ransomware, and a free Globeimposter decryptor exists already. Will it restore all files corrupted by the C4H variant? We do not know, but it is worth giving the tool a shot. After all, it is free, so you would lose nothing. Obviously, whatever happens, you must delete C4H Ransomware, and we share a few removal tips in this report.

Although C4H Ransomware comes from the same family of malware as Taargo Ransomware, Ox4444 Ransomware, Pig4444 Ransomware, and many other infections, there are some unique things about it. For one, when files are encrypted by this threat, the “.C4H” extension is appended to their names. The ransom note file that this malware drops is named “Decryption INFO.html,” and the message is unique as well. Most likely, all of these threats are built by different parties, who are simply using the same malware code. So, what do the attackers behind C4H Ransomware want? According to the ransom note, they want you to send one encrypted file to chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc so that they could prove to you that file decryption is possible and to explain how to pay the ransom. The message also warns against the removal of the threat, as well as the use of antivirus and third-party decryption tools. Should you pay attention to these demands and warnings? We are sure that you should not because we do not believe that you would obtain the decryptor even if you did everything as instructed.C4H Ransomware Removal GuideC4H Ransomware screenshot
Scroll down for full removal instructions

Hopefully, you do not need to consider the option of paying money for the alleged C4H Ransomware decryptor because you can recover your files for free using the decryptor mentioned above. Alternatively – and this might be the best option – you can replace the corrupted files with backup copies. These copies might be stored online, other devices, or external drives, and you should be able to transfer them onto the affected system, but only after you remove C4H Ransomware successfully, of course. Besides removing this malware, you also need to figure out how to secure your operating system against cyberattackers in the future. Do you even know how they managed to drop the ransomware onto your operating system? Whether they used spam emails, RDP backdoors, bundled downloaders, or other infections, your system must lack well-rounded and reliable protection because if it was secured, malware would not stand a chance of slithering in. This is not the only security measure you need to think about. You also need to remind yourself constantly about backing up files (outside the computer) to make sure that you have copies of files in case something bad happens to the originals.

Where is the launcher of C4H Ransomware? We do not know, and so we cannot give you an exact guide on how to find and delete this malicious file. We know that the ransom note file is found in %HOMEDRIVE%, and while it is not a malicious file per se, you need to delete it as well. The guide below presents three potential malware locations, but if you cannot find or identify malware yourself, do not abandon the mission. The best thing you can do is install a legitimate anti-malware tool because it is built to automatically find and remove C4H Ransomware files. If other threats exist, this tool can remove them too. Most importantly, this tool can secure your operating system and prevent new infections from it, jeopardizing your virtual security, or harming your personal files again.

Delete C4H Ransomware

  1. Tap Win and E keys at the same time to access File Explorer.
  2. Enter the following paths into the quick access bar at the top:
    • %TEMP%
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
  3. If you can identify malware files, immediately Delete them.
  4. Enter %HOMEDRIVE% into the quick access bar at the top.
  5. Delete the ransom note file called Decryption INFO.html.
  6. Empty Recycle Bin.
  7. Implement a trusted malware scanner to examine your system for potential malware leftovers.

In non-techie terms:

C4H Ransomware is a dangerous infection, and if you do not remove it immediately, it could encrypt all of your personal files. Because this threat is a new variant of an old, well researched infection, a free decryptor already exists. Unfortunately, we do not know if it would work for all victims in all cases. However, if your personal files were encrypted, giving this tool a try cannot hurt. Alternatively, you might be able to use your own backup copies to replace the corrupted files. Of course, you have to have copies stored somewhere safe for this to work. The first thing that you need to do, however, is to remove C4H Ransomware. Use the guide above for manual removal or, better yet, install an automated anti-malware tool.