Home / Spyware Help / Cryptedx Ransomware Removal Guide

Cryptedx Ransomware Removal Guide

by 0 Comments

Do you know what Cryptedx Ransomware is?

Cryptedx Ransomware can cause you a lot of headaches by encrypting all your important files all over your main hard drive; however, our researchers say that this might be your lucky day as it may be possible for you to decrypt your files. The usual scenario when such a dangerous ransomware program hits you is that there is a good chance of losing all your personal files. Even if you would consider paying the ransom, there is a good chance that you will never hear anything from your attackers again. In this case, since this new malware threat is built on a well-known infection called Xorist Ransomware, it is possible to use its free decryption application and you may get all your files decrypted. Of course, we would not advise you to download and use such a tool unless you have proper IT skills. It is important to mention, though, that if you want to decrypt your files this way, you need to do it before you set out to remove Cryptedx Ransomware from your PC. Another way for you to recover your files is to have a backup saved in cloud storage or on a portable drive, which you can use now to copy your clean files back.

If this dangerous threat managed to sneak onto your system, it means that you may have opened a spam e-mail and clicked to view its attachment. One of the most common ways for cyber crooks to spread such ransomware programs is to attach the malicious executable to a properly set up spam mail, which has to be convincing enough for the victim to want to open it. This attached file is usually disguised as a document, an image, or a .zip archive. This spam may seem to come from companies you may know or even the local police.

The subject matter is always something that you could be curious about even if you felt unrelated, including a wrongly made hotel or flight booking, wrong credit card details, undelivered parcel, or an unpaid invoice. It is quite likely that most people would at least want to open this mail to get some further information regarding the alleged matter. However, opening this spam usually will not get you too far. It does not really disclose anything. It is more likely to instruct you to view the attached file; and, this is when the activation of this malicious attack takes place, too. It is essential to understand that you cannot save your files from encryption even if you finally delete Cryptedx Ransomware.Cryptedx Ransomware Removal GuideCryptedx Ransomware screenshot
Scroll down for full removal instructions

Our researchers say that this new variant also uses the TEA algorithm to encrypt your major personal files, including your photos, videos, audios, and archives. This infection does not limit its attack to certain directories as some of its predecessors; it attacks all your folders on your main drive (%HOMEDRIVE%). This malware appends ".cryptedx" to the original extension of every affected file. So your encrypted files will look like "my_image.jpg.cryptedx." This ransomware drops a text file in every affected folder named "HOW TO DECRYPT FILES.txt," which contains the ransom note. This note is identical to the one that is displayed in a dialog box after the attack is over.

This ransom note simply tells you about your files having been encrypted and that your only way out is to send an e-mail to www@lass.33mail.com. You are supposed to get a reply that should contain information about the payment. Such cyber crooks usually demand the fee to be paid in Bitcoins and the amount can vary big time (from 10 to 5,000 dollars in general). We have no information yet about the amount these attackers want you to pay. Nevertheless, we do not even advise you to contact them and pay. As a matter of fact, it seems that the Xorist decryption tool can be used for this threat as well; at least, our researchers managed to decrypt all encrypted files. So you need to download this tool and decrypt your files before you remove Cryptedx Ransomware from your system. However, do not attempt to do this if you are not an experienced user because you could do more harm in fact.

We have included our step-by-step instruction for the removal of Cryptedx Ransomware. If you follow these steps carefully, you could eliminate this dangerous infection from your PC. But, as you can see, it is quite easy to infect your system with even such devastating threats. Therefore, you need to become a safer web surfer and computer user if you want to keep your PC clean and secure. If you cannot do this on your own, we suggest that you install a trustworthy anti-malware program like SpyHunter.

Remove Cryptedx Ransomware from Windows

  1. Decrypt your encrypted files using the Xorist decryptor.
  2. Tap Win+R and enter regedit. Press OK.
  3. Delete the following registry entries:
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Alcmeter ("%TEMP%\{random name}.exe")
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Alcmeter ("%TEMP%\{random name}.exe")
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cryptedx
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cryptedx\OpenWithProgids\NTGQBAPSQKOSXWE
    HKLM\SOFTWARE\Classes\.cryptedx
    HKLM\SOFTWARE\Classes\NTGQBAPSQKOSXWE
  4. Close the Registry Editor.
  5. Tap Win+E.
  6. Locate and delete "%TEMP%\{random name}.exe"
  7. Delete all the ransom note files.
  8. Delete all suspicious .exe files from your download directories that you may have saved recently.
  9. Empty your Recycle Bin and reboot your PC.

In non-techie terms:

Cryptedx Ransomware can infiltrate your system without your knowledge and encrypt your personal files in a short time. Once done, this ransomware infection asks you to contact your attackers via e-mail to receive further instructions with regards to the payment. Clearly, this malicious attack is all about extorting money from you in exchange for the decryption of your files. However, there is never any guarantee that such cyber criminals will really send you anything else than yet another dangerous threat to extort even more money from you or steal information from your system. Since this new threat is indeed a new variant of Xorist Ransomware, which has been cracked by eager malware hunters, you can actually find a free decryption tool on the web for the latter threat that may work for you, too. If you are not a techie, though, we do not advise you to do this alone. When you have managed to decrypted your files, it is time to remove Cryptedx Ransomware from your system immediately. If you would like to defend your PC from similar dangers in the future, we suggest that you employ a reliable anti-malware program.