Crypton Ransomware

Your operating system might have been infected with the malicious Crypton Ransomware if you face an intimidating message with a ransom request and if your personal files are appended with the “.crypt” extension. According to our research, the ransom note can be represented in English and Russian, and that increases the number of potential victims. Just like most other ransomware infections that we have reviewed on this site (e.g., Angela Merkel Ransomware), this threat is executed via files that come attached to misleading spam emails. The message within the email might trick you into opening the file and unleashing the dangerous infection. The worst part is that most users do not even realize that malware is executed once they download the file that, of course, does not open the content that is expected. Speaking of the launcher file, do you know where it is? You will need to delete this file, and so it is important to know its location. Keep reading to learn more about the removal of Crypton Ransomware.

At this time, the C&C server linked to Crypton Ransomware is unresponsive; however, the infection is still capable of creating a point of execution under HKCU\Software\Microsoft\Windows\CurrentVersion\Run. The value is named “crypton,” and this is where the name of the infection comes from. The ransomware also drops a file called “crypton.exe” to the %APPDATA% folder. A registry key for this file is created as well. If you do not delete the components of the ransomware in time, it will start encrypting your personal files without any warning. Amongst various types of files that this infection encrypts, we see .doc, .jpg, .pdf, .ppt, .txt, and .zip files. Clearly, this infection corrupts personal files, and this is no surprise as it is unlikely many users would pay the ransom if their system files got locked. The window that pops up after the encryption is finished is used to introduce you to the ransom. According to our research, this window should not paralyze your Desktop, and you should be able to close it.

The “Attention!” message that Crypton Ransomware displays also acts as a payment form. According to the message, you need to pay a certain amount in Bitcoins; however, the sum is not specified, and so it is unknown what kind of ransom fee the creator of the ransomware expects you to pay. The intimidating message also informs that you should not delete Crypton Ransomware or try to recover your personal files yourself, and this, allegedly, could lead to their loss. At the bottom of the window, we have three empty boxes that are meant to represent the payment status, the Bitcoin address, and the payment amount. It looks like cyber criminals have left it up to you to decide what kind of sum must be paid. Well, here’s a question: Should you pay the ransom? Although a legitimate decryptor that could recover your files does not exist, and paying the ransom might be your only option, you must understand that paying the ransom is a huge risk. The truth is that you do not know if your files would be decrypted if you paid the fee. Needless to say, whether or not you pay the ransom, you must delete the ransomware from your PC, and we have created a guide that will help you delete this threat manually.

You have to delete Crypton Ransomware from your operating system, and we hope that you do this sooner rather than later. Of course, you might be focused on the decryption of your personal files first. Whether you manage to encrypt your files or you choose to sacrifice them, you have to erase the threat as soon as possible. An automated malware detection and removal tool will find and erase this threat in the quickest and most efficient manner, and, considering that other threats might be active on your PC, we trust that this is the best option for you. If the manual removal option is more interesting for you, follow the instructions below. As mentioned previously, you need to delete the launcher file, which you should be able to locate yourself because the chances are that you have downloaded and opened it yourself. If you cannot find the launcher yourself, use a legitimate malware scanner.

Crypton Ransomware Removal

1. Delete the malicious launcher (check the Downloads and Temp folders if you don't know where it is).
2. Tap Win+E keys on the keyboard to access Windows Explorer.
3. Enter %AppData% into the bar at the top to access the folder.
4. Delete the file named crytpon.exe (the name could be different in your case).
5. Tap Win+R keys to launch RUN and enter regedit.exe.
6. Navigate to HKCU\Software\ and Delete the key called Crypton.
7. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
8. Delete the value named crypton (the name could be different, but the value data should point to the malicious .exe file in the %AppData% directory).
9. Perform a full system scan to check if you need to delete any other malicious files or programs.