Recently, our specialists identified a new ransomware infection called the CryMore Ransomware. It was detected at the beginning of June 2017. It is categorized as ransomware because it demands money from its victims in exchange for the key to decrypt the files it has encrypted. It uses the AES encryption algorithm to encrypt its victims’ files and make them pay the ransom. Most ransomware infections, except for the fake ones, really do encrypt the victim’s files, such as pictures, documents, and other important files. The name resembles that of the WannaCry ransomware, but the two are not related. The CryMore ransomware was created based on the Hidden Tear ransomware project by a hacker named TMC. There is also a possibility that this ransomware can delete some of your files’ records based on their extension, .crymore. As stated earlier, files given the .crymore extension are encrypted with AES; the ransomware appends this extension to each of the targeted files.
Below are some parts of the ransom note:
“all your files are encrypted by CryMore using a strong method!
All your files (expect : exe, ink, jar, sys, vbs, dll) has been encrypted using AES this method…using a “password”…
this password is same password to decrypt your files… how to get it ? …Sorry but you have
don’t even try to decode your files without paying because you will cause only file losing! I hope you understand the dangerous…”
As you can see, the ransom note is hardly believable or convincing: it contains many mistakes, and you can barely tell what the criminals are trying to tell their victims. It tells victims that their files have been locked and that they need a password to decrypt them, which of course can be obtained from the cyber criminals. Moreover, the exact amount of money is not stated, although victims are told they can unlock their files by paying the ransom in Bitcoins, which has to be done before the clock reaches zero.
According to our specialists, the CryMore Ransomware might still be in development. That does not make it any less dangerous, because its developers might finish it one day, so you have to get rid of it while you still can. Getting rid of it does not mean paying the ransom. Don’t consider that even for a second, for there is no guarantee that you will recover your files at all. Apart from that, you might also disclose private information such as your credit card details if you decide to pay the ransom, which is never an option to begin with.
The CryMore ransomware is usually distributed through spam emails that carry an infected file attachment or a corrupted link. Many users have fallen into its trap because the email is disguised as a harmless one. It even gets creative by using the names of big companies as bait to trick you into opening and downloading the attachment. That’s why you have to take precautions whenever you download anything from the internet, especially if it’s from an unknown source.
First of all, you will need to close its window by pressing Alt+F4 or by killing the malicious process. Second, you will need to find and delete all suspicious files. Our manual removal guide (find it below this article) should help you take care of this infection.
How to remove CryMore Ransomware from your computer:
1. Kill the malicious process by pressing Alt + F4.
2. Restart your computer into Safe Mode.
3. Open the Windows Task Manager by pressing Ctrl + Shift + Esc. Go to the Processes tab.
Locate the CryMore Ransomware or any suspicious processes. Right-click on them and select Open File Location, then scan them using any up-to-date antivirus. After opening each folder, end the infected processes and delete their folders.
- Press the Start button + R, then copy and paste:
notepad %windir%/system32/Drivers/etc/hosts
Then click OK.
After that, click the Windows button located at the lower-left corner of your screen and type msconfig in the search box.
Go to the Startup tab and unmark entries which have an unknown manufacturer.
Delete everything under these directories.
Erase everything in the Temp folder.
6. Empty the Recycle bin.
7. Scan your computer using SpyRemover Pro to make sure that your computer is safe from the CryMore Ransomware and that all its leftovers have been removed from your computer as well. Having this kind of antivirus and anti-malware program on your computer is a big help in preventing ransomware like CryMore, and other threats for that matter, from infecting your computer in the future.
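
Because the article notes that CryMore appends .crymore to each targeted file, the affected files can be inventoried before restoring from backup. The following Python script is an added example, not part of the original guide or of any vendor tool; the function name is hypothetical, and treating the earliest modification time as a rough estimate of when encryption began is an assumption.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".crymore"  # extension the article says is appended to each targeted file

def scan_for_crymore(root):
    """Walk root and summarise files whose name ends with the appended marker."""
    hits = []
    # onerror swallows unreadable directories so one denied folder does not abort the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            original = name[: -len(MARKER)]  # name before the marker was appended
            ext = os.path.splitext(original)[1].lower() or "(none)"
            hits.append((path, ext, mtime))
    earliest = min((m for _p, _e, m in hits), default=None)
    return {
        "count": len(hits),
        # which original file types were hit, to prioritise what to restore
        "by_original_ext": dict(Counter(e for _p, e, _m in hits)),
        # which folders were hit, to scope the restore
        "by_directory": dict(Counter(os.path.dirname(p) for p, _e, _m in hits)),
        # assumption: oldest mtime approximates the start of encryption
        "earliest_mtime_utc": (
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None
        ),
        "paths": sorted(p for p, _e, _m in hits),
    }

if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(scan_for_crymore(target), indent=2))
```

Run it against a user profile or a mounted share; the earliest timestamp helps pick a backup taken before the infection.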