Clicky

What is CryptoPokemon ransomware? And how does it implement its attack?

CryptoPokemon ransomware is a new strain of ransomware that locks important files and demands a ransom payment of 0.02 Bitcoin which is approximately $104 at the time of writing. It was first discovered by IntezerLabs and according to security experts, it is a new variant of the PokemonGo ransomware.

CryptoPokemon Ransomware

After it invades a computer, CryptoPokemon will begin to implement its attack starting with a data harvesting module that is classified into two main categories. The first one is responsible for extracting data from the computer that could reveal the identity of the users by scanning the system for strings like phone number, address, email address, real name, stored account credentials, and many more while the second one is the information about the computer’s hardware. After the first module is implemented, it then employs the second module, stealth protection where it uses the harvested information along with some malicious components in order to bypass any security programs installed in the computer.

Moreover, CryptoPokemon ransomware also modifies the Windows Registry so that it can run automatically every time a user turns on the computer. It also scans the computer for its targeted files and starts the encryption using a combination of SHA256 and AES128 encryption algorithms. Once the encryption process is completed, it appends the .CRYPTOPOKEMON extension to every encrypted file and then locks the screen. The locked screen contains the following ransom note:

“All files on your computer are encrypted. Files have the extension CRYPTOPOKEMON.
Do not try to decrypt the files yourself, this will only contribute to the loss of all your data on the computer.
To decrypt files, please transfer 0.0200000 BTC to 1Lx46kNYSXTRwMWBxhxxdW3nisJ61yfVoW
After you transfer money, write to email
[email protected], saying this word “12356749412506806744”.
For advanced users:
After transferring money, go to http://cryptopokemon.top/, and follow the instructions.
Your computer ID: 12356749412506806744
To enter the site, use the browser.
COPYRIGHT (c)2019 PokemonGO CRYPTOLOCKER pokemongo.icu”
If you visit the site indicated in the ransom note, you will see another kind of ransom note that states:
“Hello, stranger.
If you hit this site, then all files are encrypted on your computer.
You must be able to enter your computer ID.
You are a great user. If you don’t have enough money to pay, you can get a new computer 🙂
Well, if you are a lamer, then please write to
[email protected] and describe your problem. Our valiant support will help you solve this problem.
Enter PCID
You pcid
[GET MY DECRYPTOR]
(c) 2019 PokemonGo team”

How is the payload file of CryptoPokemon ransomware disseminated online?

The payload file of CryptoPokemon ransomware is disseminated via a malicious spam email campaign. This method has been used by cyber crooks in launching massive spam email campaigns against online users worldwide. In fact, crooks tend to disguise these malware-laden emails to make them seem legit and to lure users into opening them and downloading the infected attachment. This is why you need to check the content of the email first before you click on any link or download any attachment. And before you open any attachment, you have to scan it first to make sure that the file is safe to open.

Obliterate CryptoPokemon ransomware from your infected computer with the help of the instructions laid out below and the advanced guide that follows.

Step_1: First, boot your computer into Safe Mode with Networking, and afterward, you have to terminate the malicious processes of CryptoPokemon ransomware using the Task Manager and to open it, tap Ctrl + Shift + Esc keys.

Step_2: Go to the Processes tab and look for the malicious processes of CryptoPokemon ransomware like CryptoPokemon.exe and then right-click on it and select End Process or End Task.

Step_3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in “appwiz.cpl” and then click OK or press Enter.

Step_4: Look for dubious programs that might be related to CryptoPokemon ransomware and then Uninstall it/them.

Step_5: Close Control Panel and then tap Win + E to launch File Explorer.

Step_6: After opening File Explorer, navigate to the following directories below:

  • %TEMP%
  • %APPDATA%
  • %DESKTOP%
  • %USERPROFILE%\Downloads
  • C:\ProgramData\local\

Step_7: From these directories, look for the malicious components of CryptoPokemon ransomware such as CryptoPokemon.exe, and [random].exe and then delete all of them

Before you proceed to the next steps below, make sure that you are tech-savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you trouble and time, you can just use Restoro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.

Step_8: Close the File Explorer and tap Win + R to open Run and then type in Regedit in the field and tap enter to pull up Windows Registry.

Step_9: Navigate to the listed paths below and look for the registry keys and sub-keys created by CryptoPokemon ransomware.

  • HKEY_CURRENT_USER\Control Panel\Desktop\
  • HKEY_USERS\.DEFAULT\Control Panel\Desktop\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Step_10: Delete the registry keys and sub-keys created by CryptoPokemon ransomware.

Step_11: Close the Registry Editor.

Step_12: Empty your Recycle Bin.

Congratulations, you have just removed CryptoPokemon Ransomware in Windows 10 all by yourself. If you would like to read more helpful articles and tips about various software and hardware visit fixmypcfree.com daily.

Now that’s how you remove CryptoPokemon Ransomware in Windows 10 on a computer. On the other hand, if your computer is going through some system-related issues that have to get fixed, there is a one-click solution known as Restoro you could check out to resolve them.

This program is a useful tool that could repair corrupted registries and optimize your PC’s overall performance. Aside from that, it also cleans out your computer for any junk or corrupted files that help you eliminate any unwanted files from your system. This is basically a solution that’s within your grasp with just a click. It’s easy to use as it is user-friendly. For a complete set of instructions in downloading and using it, refer to the steps below

Perform a full system scan using Restoro. To do so, follow the instructions below.

  1. Download and install Restoro from the official site.
  2. Once the installation process is completed, run Restoro to perform a full system scan.
    restoro laptop1
  3. After the scan is completed click the “Start Repair” button.
    restoro laptop2
logo main menu

Copyright © 2024, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: FixMyPcFree.com is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only.

DMCA.com Protection Status

Log in with your credentials

Forgot your details?