CryptoRoger Ransomware

CryptoRoger Ransomware is a dangerous infection that can enter your computer via email spam and encrypt your files making them utterly useless. It goes without saying that you have to remove it to continue using your computer safely. Unfortunately, there is no way you can decrypt the encrypted files without the necessary decryption key. This ransomware’s developers offer you to purchase the said decryption key, but they ask for a lot of money and the files on your system might not be worth it. Also, it is likely that they will not even send you the key, or you might not receive even if they send it to you. In short, many things can go wrong when trying to acquire the decryption key which should also come with a dedicated tool.

The developers of this malicious software have opted for the most popular distribution method used to infect the computers of the unsuspecting victims. Of course, we are referring to email spam which is the most popular distribution channel due to its high successful infection rates. Many people accidentally get their computers infected with the likes of CryptoRoger Ransomware because they open attachments containing it. This particular infection is supposed to come in a file archive that contains its main executable. The executable may be renamed and disguised as, for example, a PDF file or a Word document. Indeed, ransomware developers have the skills to do this. Once on your computer, this ransomware will not copy itself to a hidden location but run from the directory you downloaded or extracted it to. This is essential when removing this infection because its executable is the most important file.

According to our research, once on your computer, CryptoRoger Ransomware will scan it and encrypt almost file formats and add the .crptrgr file extension. It will also create an .html file named !Where_are_my_files!.html in every location that contains an encrypted file. We have discovered that this ransomware uses the AES-256 symmetric encryption algorithm to encrypt the files and the RSA encryption algorithm for encrypting the key needed to decrypt the files. So the key is already present on your system, but you do not have access to it as it is also encrypted. The file that contains this key is keys.dat which found in %APPDATA%. Also, it creates two other files named bg.jpeg which is set to replace your desktop wallpaper and files.txt which contains the complete list of all encrypted files. Once CryptoRoger Ransomware has finished encrypting the files it will create a registry key at HKCU\Software\CryptoRoger which contains some unrecognizable data. Nevertheless, you have to delete this key along with the executable and additional files.

Furthermore, after this malware has completed encrypting your files and generated the !Where_are_my_files!.html file, it will demand that you pay a ransom for getting the key to decrypt your files. The ransom note states that the developers want you to pay 0.5 BTC or $360 USD. To get the address to which to send the Bitcoins you have to contact them via uTox, a Tor messaging service. uTox must be running for the developers to send you the decryption tool and key if you decide to purchase it. So if you are offline, then you will not receive them. Also, the developers might not send you them at all once they have gotten your money.

All in all, CryptoRoger Ransomware is a very dangerous infection that will render your precious files useless. The only way you can protect your system from it is by installing an anti-malware program. We recommend SpyHunter as it can detect and prevent CryptoRoger Ransomware from infecting your PC. It can also assist in removing it. Nevertheless, you can try to delete its files manually, but you have to know the exact location of its executable.

Removal Instructions

1. Locate and delete this infection’s executable file.
2. Press Windows+E keys on your keyboard.
3. Enter %APPDATA% in the File Explorer window’s address bar.
4. Find and delete bg.jpeg, files.txt, and keys.dat

Delete the registry key

1. Press Windows+R keys on your keyboard.
2. Type regedit in the box and click OK.
3. Find and delete the registry key at HKCU\Software\CryptoRoger