- Can't be uninstalled via Control Panel
- Installs itself without permissions
- Changes background
- Connects to the internet without permission
- System crashes
- Slow Computer
It has been noticed that JS.Crypto Ransomware itself encrypts hundreds of different files. These files are documents, pictures, music, and videos mainly, so they usually have the following extensions: .jpg, .jpeg, .pmd, .ppsx, .mp3, .mp4, .mpeg, .wmv, .sdf, .mpa, .dot, .docx, .aet, .ppj, .indl, .3gp, and others. Their appearance will probably not change, but you will simply not be able to access any of them. The inability to access the majority of files is not the only symptom which shows that a ransomware infection has slithered onto your computer. Specialists working at pcthreat.com say that you will definitely notice a warning message on your screen too. If you see it (the text of the message is provided below), there is no doubt that JS.Crypto Ransomware has managed to enter your system.
As can be seen, cyber criminals seek to convince users to make a payment. They give only 4 days for that and say that the payment will increase after the time ends. They also promise to decrypt one file for free in order to prove that they can decrypt all of them. It is up to you whether to make a payment of 0.1 Bitcoins (approximately $35) or not; however, we do not recommend doing that if you have a backup (e.g. files on a USB flash drive) of your files. Unfortunately, there is no other way to gain access to files at the moment.
JS.Crypto Ransomware is distributed as a client.scr file. As it is a WinRAR self-extracting archive, it will immediately extract files to %Temp% and %AppData%\Microsoft\Windows\Start Menu\Programs\Startup directories and add a shortcut in Startup after a user clicks on it. It has been observed that JS.Crypto Ransomware adds the following files to the system:
As can be seen, JS.Crypto Ransomware adds files that resemble legitimate Google Chrome files, e.g. chrome.exe in order not to be detected and removed so easily. We also want to mention that JS.Crypto Ransomware will add ChromeService.lnk to the main directory (%AppData%\Microsoft\Windows\Start Menu\Programs\Startup) in order to be able to start together with Windows OS.
JS.Crypto Ransomware is spread using different ways. Specialists have found out that it might enter your system after you click on a bad link or advertisements, open a spam email attachment, or download an unreliable program from a third-party web page, torrent or a file-sharing website. JS.Crypto Ransomware is definitely not the only ransomware infection that exists, so we highly recommend that you install a reputable security tool if you want to protect your system from similar infections that might try slither onto your PC.
It is definitely not easy to remove JS.Crypto Ransomware manually; however, you still have to do that because this threat might encrypt your new files. Below are placed instructions which will help you to get rid of this threat manually. In case you do not feel experienced enough to do that yourself, scan your system with the SpyHunter antimalware scanner. Either you implement the JS.Crypto Ransomware removal yourself or use an automatic tool, this, unfortunately, will not help you to decrypt your files.
Remove JS.Crypto Ransomware from PC
Display hidden files and folders
Delete directories and files