Home / Spyware Help / CC1H Ransomware Removal Guide

CC1H Ransomware Removal Guide

by 0 Comments

Do you know what CC1H Ransomware is?

If you cannot read your files, and the “.CC1H” extension is attached to their names, CC1H Ransomware must have invaded your system. Unfortunately, if your files are unreadable, and the extension is attached, the attack is already complete. It is worth mentioning that this malware autostarts with Windows, and so it can encrypt files again if it detects any new ones after a restart. Therefore, there is no time to waste here. This malware must be removed as soon as possible, and, in this report, we discuss the different options you can choose from. Unfortunately, regardless of how you delete CC1H Ransomware, your files will not be decrypted. Luckily, there are other things to try out.

It is most likely that you let in CC1H Ransomware yourself. Of course, if that is the case, you did that by accident, unknowingly. The threat’s installer is usually spread via spam emails, and the messages inside can trick people into opening the attached files for various bogus reasons. For example, the message might claim that the document attached has important flight or package delivery information. The threat could also be distributed via bundled downloaders, and cybercriminals could drop it using RDP vulnerabilities. That is exactly how TorS@Tuta.Io Ransomware, C4H Ransomware, and other well-known threats spread as well. Just like CC1H Ransomware, these belong to the Globe Imposter Ransomware family. There is a tool called ‘GlobeImposter Decryptor’ that was built by malware fighters and can be downloaded for free. Will it decrypt files for you? We cannot know for sure.CC1H Ransomware Removal GuideCC1H Ransomware screenshot
Scroll down for full removal instructions

If you cannot use the free decryptor, and if you also cannot replace the files corrupted by CC1H Ransomware using safely stored copies, you might be pushed into a corner. The ransomware was created to encrypt your files and also to drop a file named “Decryption INFO.html.” As the name suggests, it provides information, and according to it, if you want to regain your files, you have to purchase a decryptor. The initial ransom note does not disclose the price of the tool, but it is stated that you would get that information as soon as you emailed chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc. Do we have to explain why contacting cybercriminals is a terrible idea? If you send them a message (along with one encrypted file and a dedicated “personal ID”), the attackers could extort money from you, and they could send you all kinds of misleading messages. They could continue terrorizing you even after you pay the ransom. Sadly, you are unlikely to get anything in exchange for this ransom. That is why we do not recommend paying it.

Of course, it is easy to say that you must not comply with cybercriminals’ demands from the sidelines, but keep in mind that they do not care about you and your personal files, and no one can force them to keep their end of the deal. Hopefully, you do not even need to consider paying the ransom for the CC1H Ransomware decryptor, because you can use the free decryptor or, ideally, you can replace the corrupted files with backups. Of course, because this malware autostarts with Windows, you must delete it first. We cannot guarantee that all victims will be able to remove CC1H Ransomware manually using the guide below, but we can guarantee that reliable anti-malware software will destroy it to its last piece. This is not the only reason to install such software. You also need the full-time protection it is ready to provide.

Delete CC1H Ransomware

  1. Right-click and Delete the file named Decryption INFO.html (note that all copies must be eliminated).
  2. Simultaneously tap Windows and E keys on the keyboard to launch the File Explorer.
  3. Type %APPDATA% into the field at the top and then tap Enter on the keyboard.
  4. Right-click and Delete the malicious {random name}.exe file (note that you can identify it using step 8).
  5. Simultaneously tap Windows and R keys on the keyboard to launch Run.
  6. Type regedit into the dialog box and then click OK to launch the Registry Editor.
  7. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  8. Right-click the value named CertificatesCheck (check the value data to find the name of the .exe file in step 4) and then click Delete.
  9. Exit Registry Editor and File Explorer and then Empty Recycle Bin.
  10. Install a trustworthy malware scanner to help you check if there is anything else to remove.

In non-techie terms:

CC1H Ransomware attacks silently. It encrypts files without your knowledge. Once it is done, you cannot read your files anymore, and a ransom note file dropped by the infection informs that you must pay for a decryptor. Unfortunately, even if you do as told, you are unlikely to get your files back. Therefore, we suggest keeping the money to yourself. The good news is that you can still try employing the free decryptor, and you can use your own copies (if you have them) to replace the corrupted files. First, of course, you need to remove CC1H Ransomware. If you are planning on doing it manually, do not forget that you must scan your system afterwards. If you understand that your system lacks comprehensive protection, it is best to implement anti-malware software. It will delete all malicious components automatically.