CryptoHost Ransomware

As you can tell from the name of the program, CryptoHost Ransomware is a malicious computer infection that takes your files hostage and demands a ransom fee to be paid immediately. It belongs to the most “popular” group of computer infections at the moment, and it might enter your PC using various methods. The good news is that this infection is not as dangerous as the most common ransomware programs that we are used to. This application only partially fulfills its threats, and it does not really encrypt your files like most of the ransomware programs do. Therefore, it is your chance right now to remove CryptoHost Ransomware from your system and restore your file access.

One of the most important things to understand about this infection is that it employs a distribution method that is slightly different from other ransomware means of transportation. Usually, ransomware programs are distributed like Trojans via spam email or website exploit kits. However, CryptoHost Ransomware spreads around like a freeware application, traveling in freeware bundles. Our security experts have found that this program often comes bundled with µTorrent, which, in turn, gets downloaded from unfamiliar and shady websites. Therefore, one of the best ways to avoid getting infected with this ransomware application is staying away from unfamiliar freeware pages.

Even if we take a step away from the ransomware for a moment, it should still be obvious that employing safe web browsing practice is your best shot at protecting your system and your data from potential exploitation. This means that you should never download programs from unfamiliar sources. And even if you do, you should read the installation wizard through and through before you install the program you have just downloaded. That having been said, it would not be surprising to find more than just one unwanted and potentially dangerous program on your system, but for now, we have to deal with CryptoHost Ransomware.

This program gets installed on your computer silently, and after the payload has been unleashed, it even provides you with the additional information on how to purchase bitcoins. You would need bitcoins to pay the ransom fee as this program (just like most of the ransomware) only accepts this digital currency. When the infection takes place, you see the following notification on your screen:

Your Computers Files have been Encrypted and Locked!

Your files have been encrypted and are unusable and inaccessible. <…>
The only payment accepted is Bitcoin. If you don’t know what Bitcoin is there are instructions on how to obtain Bitcoin and pay the Fee. <…>

Time Remaining: 10 Days

Unlock Fee: 0.38094 BTC \ 162 USD

The application asks for a relatively average ransom payment, and the message it conveys does not seem to be extremely terrifying. It does not say that it will delete your files or anything like that. In fact, there is a way to restore your files without paying the ransom fee. That is because this program employs different payload execution methods.

Once CryptoHost Ransomware enters your system, it zips all of your files into an RAR file. There is a list of file extensions that get affected by the zipping, and since the list is quite extensive, it is safe to assume that most of your frequently used files will be affected by this. You can find the archive in the %AppData% directory, but opening it will not be easy because the folder will be protected with a unique password.

Aside from that, the infection will also monitor a number of your processes, including anti-virus, system restore, Norton, comodo, avira, Task manager, and so on. It clearly shows that CryptoHost Ransomware wants to keep track of your activity and see how you approach your system’s security.

Nevertheless, it is rather surprising that the program does not put much of a fight when you try to remove it. We provide manual removal instructions below this article that you can use to get rid of CryptoHost Ransomware. Also, we will tell you how to restore your file and unzip the RAR file. However, that is not all. You should also consider investing in a licensed antispyware tool that would protect your computer from similar intruders. Not to mention that you should perform a full system scan that would detect other potential threats. This way you would be able to terminate all the dangerous programs at once.

How to Remove CryptoHost Ransomware

1. Press Ctrl+Shift+Esc and the Task Manager will open.
2. Highlight cryptohost.exe on the Process tab and click End task.
3. Close the Task Manager.
4. Press Win+R and type %AppData% into the Open box.
5. Click OK.
6. Locate the cryptohost.exe file and delete it.
7. Right-click your Recycle Bin and select Empty Recycle Bin.
8. Press Win+R and type in regedit. Click OK.
9. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
10. Locate the %AppData%\cryptohost.exe on the right pane and right-click to delete it.
11. Close the Registry editor.

How to Restore Your Files

1. Press Win+R and the Run prompt will open.
2. Type %AppData% into the Open box and click OK.
3. Find an RAR archive without extension with a 41-character name.
4. Enter password to extract files. Password: filenameusername (the RAR file name + your computer’s username).
5. When the files are extracted, restart your PC.