Jew Crypt Ransomware Removal Guide

Do you know what Jew Crypt Ransomware is?

We want to inform you that Jew Crypt Ransomware is a highly malicious computer infection that was designed to encrypt your personal files and demand that you pay a ransom for the decryption key. Due to the fact that its current version does not work as it is supposed to, it does not encrypt any files and places the decryption key locally on the PC. Therefore, there is no need to pay the ransom, and you can emerge from the clutches of this ransomware unscathed by removing it. There are more than a few things to tell about this program, so if you are interested, please read this whole article.

Before we go any further, it must be said that this ransomware is only semi-functional. It can infect your computer, but it is unable to encrypt your files. However, we cannot guarantee that that is the case with all of its samples. The sample tested by our malware analysts did not encrypt any startup, but this does not mean that this program will not do this in the future. Our analysts say that this ransomware might still be in development because some lines that should contain text are left with Label4" and "Label5", which represents the VB (Visual Basic) programming language. Therefore, that might be the reason why this ransomware cannot encrypt your files.

However, if it did, then it would demand you pay 0.01 Bitcoins (9.23 US dollars). Note that the sum to be paid can vary depending on how many files you have. If you pay the ransom, you will have to contact the developer via email (ransom@mail2tor.com) to receive your decryption key. However, the developer has made an error when he developed this ransomware and, in some cases, the decryption key can be found in a text file named key.txt at C:\WinSec. Researchers say that the default key is "JewsDid911, " but it is subject to change since this ransomware should be updated and refined to work properly. Nevertheless, you might get luck and get your files back if it encrypts them, but you still can use the given key to decrypt them.Jew Crypt Ransomware Removal GuideJew Crypt Ransomware screenshot
Scroll down for full removal instructions

Jew Crypt Ransomware consists of one executable file hat can be named Crypto.exe or ransomware_mail2tor_com.exe. This file is dropped in a hidden location at a hidden location on your PC and set to run automatically on system start up. Its dropper file creates a registry string named Updater at HKLM\SOFTWARE\Microsoft\CurrentVersion\Run that launches this ransomware when Windows boots up. The dropper file is distributed via email spam that is sent to random users by a dedicated email server. The emails may appear legitimate and claim to have a document of some kind. However, the document is actually the dropper file that secretly downloads this ransomware when you open it.

In closing, Jew Crypt Ransomware is an unfinished, semi-working ransomware that might not encrypt your files, but that does not mean that you can let it remain on your PC. You should not ignore it because it can be updated and it could string into action and encrypt your files. As mentioned, it5 can store its decryption key locally, but that might not always be the case. Therefore, we recommend that you remove Jew Crypt Ransomware as soon as you can. You can use SpyHunter’s free scanner to detect its executable to delete it manually.

Remove Jew Crypt Ransomware

  1. Open your browser.
  2. Go to http://www.spyware-techie.com/download-sph
  3. Download SpyHunter-Installer.exe
  4. Install the program and run it.
  5. Click Scan Computer Now!
  6. Press Windows+E and copy the file path of the executable from the scan results.
  7. Type the file path of the executable in File Explorer’s address box.
  8. Press Enter.
  9. Right-click the file and click Delete.

Delete the registry string

  1. Press Windows+R keys.
  2. Enter regedit in the box and click OK.
  3. Go to HKLM\SOFTWARE\Microsoft\CurrentVersion\Run
  4. Find Updater, right-click it and click Delete.

In non-techie terms:

Jew Crypt Ransomware is a non-functional ransomware-type infection that can get onto your computer via spam mail. The version we tested did not encrypt any files, but that does not mean that that will always be the case. Please do not pay the ransom and remove this computer infection as soon as you can. Please refer to the instructions above.