JohnyCryptor Ransomware Removal Guide

Do you know what JohnyCryptor Ransomware is?

JohnyCryptor Ransomware is probably the worst nightmare you have ever seen. This vicious ransomware can totally damage your virtual kingdom by encrypting not only your most important image, video, audio, and document files, but also all your executable files. This is a major blow to the metaphysical face of your computer. Once all your files have beeb taken hostage, you are informed by a small image on your desktop about the encryption and what you are supposed to do. Since it is a ransomware, you do not need to think too long to figure out that this is all about money extortion. Criminals usually demand 100 to 500 US dollar worth of Bitcoins in return for the decryption key or a tool that can decrypt the files. The problem is that there is no guarantee whatsoever when it comes to criminals and keeping their promises. Do you think they genuinely care about you and your files? According to our researchers, it is essential that you remove JohnyCryptor Ransomware ASAP. It is possible that you lose all your files in this battle if you do not have a backup copy to transfer it back onto your PC. Please let us tell you in more detail what our researchers have found out about this malware.

Our research shows that this ransomware mostly travels the web in spam e-mails. While there may be cases when the spam mail itself can automatically run a script upon opening and drop an infection onto your computer, JohnyCryptor Ransomware can mainly be found as an infectious attached file. This file can be disguised as an image, video, or text file. But, in reality, this is an executable file that you download because you are led to believe that it is very important for you to see the content of this file. However, running this malicious file only starts up this ugly infection; and the nightmare begins.JohnyCryptor Ransomware Removal GuideJohnyCryptor Ransomware screenshot
Scroll down for full removal instructions

That is why you need to be very careful every time you are going through your inbox. You may feel secure just because you have a spam filter. But you should know that some spam mails can fool such a filter and end up in your inbox. One or two clicks; that is all this infection needs to land on your system. But once it is activated, there is no way stopping it. Since its presence can only cause more destruction, we advise you to delete JohnyCryptor Ransomware from your PC immediately.

This ransomware is more vicious than the average since it targets all your .exe files apart from the usual pictures, videos, audio, and document files. The only files it leaves untouched can be found in the %WINDIR%. In other words, this infection does not affect the system files. Once it finishes with the encryption, which may take less than a minute depending on the specifics of your computer and the number of targeted files, it creates a text file on the desktop named "How to decrypt your files.txt" and changes the background to a relatively small image that contains a short ransom note. This malware executable also creates two copies of itself – one in "%WINDIR%\SysWOW64" and one in "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup". The name of this .exe file is random. This malware also creates the same "How to decrypt your files.txt" text file in this folder, and keeps the background image “How to decrypt your files.jpg" here, too. Since this infection makes sure that it starts up with Windows, every time you reboot your system, this ransomware reencrypts all your new files. That is why it is so important for you to remove JohnyCryptor Ransomware right away.

Your encrypted files get a unique name by changing them into the following format: "[random ID]" The text file on the desktop contains a very short message only that goes: "DECRYPT FILES EMAIL or" As you can see, you are supposed to contact these criminals via e-mail. In a reply e-mail you will get details regarding the amount and the payment method of the ransom that you have to transfer most probably to a Bitcoin address. Since you are dealing with criminals here, you should not have high hopes with regard to seeing your files again even if you pay the fee. We want to warn you that experience shows that crooks rarely decrypt the files after the ransom is settled. Paying the ransom is also risky from a technical point of view. It is possible that the criminals have to shut down their servers, which would mean loss of communication between the infection and the Command and Control servers. Thus, you may end up without a decryption key after transferring the money. Please consider this as well before making a decision.

It is not too difficult to eliminate this ransomware from your system. But keep in mind that even if you delete JohnyCryptor Ransomware, you will not be able to use any of your files. Our researchers have not managed to find a file recovery tool yet that could help you possibly decrypting your files. Right now your only chance is to have a backup copy on a removable drive. Please follow our guide below if you want to manually take care of this cleaning process. If you want to make sure that your PC is secure and remains that way, you should use a trustworthy malware removal program, such as SpyHunter, that will automatically detect and eliminate all known threats.

Remove JohnyCryptor Ransomware from Windows

  1. Press Win+E.
  2. Locate the "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" folder.
  3. Remove the three files related to this ransomware: The main executable file with the random name, "How to decrypt your files.jpg", and "How to decrypt your files.txt"
  4. Locate the "%WINDIR\SysWOW64" folder (64-bit) and delete the malicious .exe file. Look for the same .exe file name that you find in the Startup directory.
  5. Empty your Recycle Bin.
  6. Restart your computer.

In non-techie terms:

JohnyCryptor Ransomware is a very dangerous ransomware that seems to originate from India. This vicious ransomware infection does not only attack your personal photos, videos, audios, and documents, but on top of all these files, it also targets all your executable files. The only files that are safe from this nightmarish beast are your Windows system files. Once its job is done, you are instructed to send an e-mail for more details. You can only use your files again if you pay the ransom fee. We do not recommend that you pay this fee because there is no guarantee that you will get the decryption key from these criminals. Of course, it is up to you to decide. But, if you do not want to encrypt all your new files, you should remove JohnyCryptor Ransomware immediately. If you are looking for a decent and effective solution, we suggest that you use a reliable anti-malware application that can automatically take care of all your security-related issues.