CryptoSweetTooth Ransomware Removal Guide

Do you know what CryptoSweetTooth Ransomware is?

CryptoSweetTooth Ransomware is a new infection that appears to be targeted at users living in Argentina, but, of course, it could infect operating systems located in other countries where Spanish is the main spoken language. It is spread via spam emails – just like most other ransomware threats – and its launcher might be concealed as a video file. The sample we have tested in our internal lab employed the file called “videohot_barbie.wmv.exe”. Because the original extension (“.exe”) is not shown, you might think that the file attached to the corrupted spam email is a regular video. Of course, that is just a trick, and once you launch the file, the malicious the ransomware is executed without any notice. Needless to say, you should get suspicious when the video does not load; unfortunately, many users are likely to ignore this. If you realize that malware might have invaded your operating system, you should immediately delete the downloaded file, and, maybe, you will prevent the infection from encrypting your personal files. If your files were already corrupted, you still need to think about the removal of CryptoSweetTooth Ransomware.

Have you noticed the “.locked” extension attached to your files? CryptoSweetTooth Ransomware is not the only threat that uses this extension, and Ransomware, Guster Ransomware, and OzozaLocker Ransomware are just a few infections that use it. Obviously, you cannot determine which infection has invaded your operating system just by looking at the extension. Luckily, the devious CryptoSweetTooth Ransomware also creates unique files called “RECUPERAR_ARCHIVOS.html” and “IMPORTANTE_LEER.html”, and if you face these files, you should be able to find out which threat you need to delete from your operating system. Both of these HTML files represent identical information, and, according to it, you are required to pay a ransom of 0.5 Bitcoins (~7000 ARS or 440 USD). The ransom note also informs that you must confirm the payment by writing at to receive the decryptor. Whether or not you would get a decryptor after paying the ransom is unknown, which is why we simply cannot recommend paying it. Check your backups to see if you have copies of your personal files or look into third-party decryptors (at the time of research, a decryptor compatible with this threat did not exist). All in all, you should exhaust all other options before even thinking about the ransom.CryptoSweetTooth Ransomware Removal GuideCryptoSweetTooth Ransomware screenshot
Scroll down for full removal instructions

Although your files will not get decrypted after deleting CryptoSweetTooth Ransomware, this infection is incredibly malicious, and you need to get rid of it as soon as possible. Hopefully, you can restore your files as well, but – as mentioned previously – paying the ransom should be regarded as the last resort. When it comes to the removal of this dangerous ransomware, the process is really simple. All you have to do is delete the launcher file, whose location you should be aware of if you have downloaded it yourself. Also, you should erase the ransom files. If you are unable to locate the malicious launcher, it is a good idea to install an anti-malware tool that will find and erase it automatically. Remember that this tool can also clean your PC from other existing threats (those that you might be unaware of), as well as protect it against other malicious threats that could easily attack your operating system in the future.

Remove CryptoSweetTooth Ransomware

  1. Right-click the malicious launcher file.
  2. Select Delete to get rid of this file.
  3. Delete the ransomware files called RECUPERAR_ARCHIVOS.html and IMPORTANTE_LEER.html.
  4. Empty Recycle Bin.
  5. Install a malware scanner to check for potential leftovers.

In non-techie terms:

Your virtual security will remain vulnerable as long as the malicious CryptoSweetTooth Ransomware remains active on your operating system. This threat is primarily created to encrypt your personal files and demand for a ransom payment; however, cyber crooks controlling it could use the connection to the Internet to download other malicious components as well. Therefore, even if you agree to pay the ransom, and your files are miraculously decrypted – which is not something you should rely on – you must delete this ransomware as soon as possible. The manual removal guide above should not pose any problems, unless you are unable to find the malicious launcher, in which case, you should not hesitate to install automated malware detection and removal software, which should also be capable of protecting your operating system in the future.