CryLock Ransomware Removal Guide

Do you know what CryLock Ransomware is?

CryLock Ransomware is an infection that might bring some of its victims to tears, and that is simply because it is capable of encrypting the personal files on the systems that it invades. This malware needs permission to execute, and its creator might come up with various tricks to make you give it that permission. For example, they could create a misleading email message urging you to open an attached file. A seemingly harmless file would actually execute the threat, and so if you opened the file, you would be responsible for that. Unfortunately, there are many other tricks that cybercriminals have up their sleeves, which is why securing the system and personal files is extremely important. If you want to learn how to do that, as well as how to remove CryLock Ransomware, please continue reading.

According to our research team, CryLock Ransomware is a new variant of a different infection, known as ‘Cryakl Ransomware.’ It is unknown who the creator of this malware is, and it is likely that we will see new variants of it emerge in the future. Once the threat invades the system, it begins with file encryption, and when it encrypts files, it goes after photos, documents, presentations, projects, archives, media files, and so on. It has no interest in system files, primarily because they can be replaced, whereas personal files cannot be replaced. Once the files are encrypted, you should find the “.[jalicry@pm.me].[code]” extension attached to their names. Before that, you might discover a file named “how_to_decrypt.hta” on the Desktop. Although it belongs to the ransomware, and we recommend deleting it, opening it is safe.

The .hta file presents a text message from the creator of CryLock Ransomware. According to this message, your files were encrypted with software that uses an AES cryptographic algorithm, and that happened due to “security problems on your server.” The purpose of this message is to convince you to email jalicry@pm.me, or cryhelp@dr.com if no response comes within 24 hours. The message also claims that you have some time to purchase a decryption key with a 50% discount. Do not fall for this. Even if the sum of the ransom turns out to be manageable, paying it would be a mistake. CryLock Ransomware was created by cybercriminals, and one thing we know about them is that they cannot be trusted. If you contact them, they will push you to pay the ransom, and if you pay it, you are likely to find yourself empty-handed. Unfortunately, at this time, there is no free decryptor that we could offer you.

Dealing with the removal of any kind of malware can be a headache, but when you know that the issues associated with that malware cannot be resolved by eliminating the threat, the situation becomes even more complex. Yes, you cannot restore your files by deleting CryLock Ransomware, but this threat must be eliminated as soon as possible. Our research team has found that the threat runs from where it is executed, and so if you can locate the launcher file, you might be able to remove CryLock Ransomware all by yourself. The only other element that must be erased is the ransom note file. Of course, the security of your operating system is something that must not be ignored. If you want to cut two carrots with one knife, install an anti-malware tool, and it will simultaneously remove threats and secure your system.

N.B. To secure personal files, look into external/online backups. If you use them already, you should be able to replace the corrupted photos, documents, and other files with the backup copies you own.

Remove CryLock Ransomware

  1. Delete recently downloaded suspicious files (location and name of the launcher are unknown).
  2. Go to the Desktop.
  3. Delete the ransom note file named how_to_decrypt.hta.
  4. Empty Recycle Bin and then run a full system scan using a genuine malware scanner.
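
Before deleting anything, it helps to know how many files were hit and which of them have a backup copy, as the N.B. above suggests. The following read-only Python sketch is an added example, not part of the original guide or any vendor tool; it assumes the marker is appended literally as ".[jalicry@pm.me].[code]" after the original file name, and the function names and the constructed sample tree are hypothetical.

```python
import os
import re
import tempfile

# Indicators taken from the article; the literal bracket layout of the
# appended marker and the shape of the per-victim code are assumptions.
NOTE_NAME = "how_to_decrypt.hta"
MARKER = re.compile(r"^(?P<orig>.+)\.\[jalicry@pm\.me\]\.\[?[^\[\]\\/]+\]?$",
                    re.IGNORECASE)

def scan(root):
    """Walk root read-only; return (ransom_notes, {marked_path: original_rel_path})."""
    notes, encrypted = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(full)
                continue
            m = MARKER.match(name)
            if m:
                rel_dir = os.path.relpath(dirpath, root)
                encrypted[full] = os.path.normpath(os.path.join(rel_dir, m.group("orig")))
    return sorted(notes), encrypted

def restore_plan(root, backup_root):
    """Split marked files into those with a backup copy and those without."""
    have, missing = [], []
    for rel in sorted(scan(root)[1].values()):
        in_backup = os.path.isfile(os.path.join(backup_root, rel))
        (have if in_backup else missing).append(rel)
    return have, missing

def build_demo(base):
    """Constructed sample tree of empty placeholder files (no real data)."""
    for rel in ("victim/Desktop/how_to_decrypt.hta",
                "victim/Documents/report.docx.[jalicry@pm.me].[ABC123]",
                "victim/Pictures/cat.jpg.[jalicry@pm.me].[ABC123]",
                "victim/Documents/notes.txt",
                "backup/Documents/report.docx"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return os.path.join(base, "victim"), os.path.join(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        victim, backup = build_demo(tmp)
        print("ransom notes:", scan(victim)[0])
        print("restorable / no backup:", restore_plan(victim, backup))
```

Files listed as having no backup copy are worth keeping in their encrypted form in case a free decryptor becomes available later.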

In non-techie terms:

CryLock Ransomware is a threat that secretly asks for your permission to slither in, and once it does that, it can silently encrypt all of your personal files. Once files are encrypted, not much can be done to restore them. The attackers are unlikely to release a decryptor, and a free third-party decryptor did not exist at the time of research. Of course, if you have copies of personal files stored in an outside backup, you have replacements. Replace files only after you delete CryLock Ransomware, which we recommend doing with the help of legitimate anti-malware software. Even if you are able to remove this threat manually, we still recommend installing the anti-malware software simply because it can help you ensure protection against ransomware and other types of malware in the future.