- Slow Computer
- System crashes
- Slow internet connection
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
The cyber criminals who developed CryptoCat Ransomware demand users to pay a rather large sum of Bitcoins in 168 hours. Of course, there are no guarantees, and if you do not get the decryptor, you should not expect to receive a refund. The truth is that the ones who create such threats do not worry about the damage they could cause to their victims since all they care about is money. In this case, they are trying to scare users into paying the ransom by threatening to delete the decryption key. Under such circumstances, we advise you not to give in and ignore such requests. Also, if you do not plan on paying the ransom, it would be best to erase the malicious program. We will add removal instructions below the text, and if you want to know more about CryptoCat Ransomware, you should keep reading the article.
The infection was released quite recently, and there is still not much information about it. For instance, the researchers are still trying to figure out how this malware is spread. At the moment, we believe that it could be distributed with malicious email attachments. Such data might reach computer users with Spam emails. To give you an example, the attached file could look like a picture, audio or video file, text document, and so on. The file's title or text in the letter might say that the data is somehow related or relevant to you. Thus, some users often infect computers with threats like CryptoCat Ransomware because they want to satisfy their curiosity. In such situations, it would be better to take some precautions, e.g. scan the attached data with an antimalware tool.
What’s more, the malicious application is using the RSA-2048 encryption algorithm to encipher users private data. It can lock a variety of different file types, e.g. text document, pictures, videos, music files, and so on. The infection marks such data by adding a second extension called .cryptocat. For example, an enciphered text document could look like the following one text.doc.cryptocat. As soon as your files are encrypted, CryptoCat Ransomware should create a text file named as “Your files are locked !.txt” in the Desktop directory. It is a ransom note from cyber criminals as it contains their demands and instructions.
For starters, the note mentions a couple of email addresses (firstname.lastname@example.org and email@example.com) to contact the infection’s creators. Then it explains how the malicious program enciphered data and that to unlock it you need a private key or a decryption key in other words. Of course, it is hidden on a secret server available only for the cyber criminals. Also, as we mentioned in the beginning users are supposed to purchase the decryption tools in 168 hours. The price is 1.45 Bitcoins, and that is approximately 850 US dollars at the moment of writing.
Unfortunately, our specialists cannot confirm if the malware actually sends the decryption key to any server. Therefore, it is impossible to know if your data could be encrypted and even if it can be, no one can tell you if the malicious program’s creators will hold to their end of the deal. Either way, if you already decided not to risk your money, the only thing you should do is eliminate CryptoCat Ransomware.
Despite that we are adding a manual removal guide below this text, it is more advisable to get rid of the infection with a reliable security tool. That’s is because the threat is still new and we cannot be one hundred percent sure about its working manner. As a result, the instructions below may not help users erase CryptoCat Ransomware completely. Also, since the malware’s data could have randomly titled data it might be too complicated to locate it on your own. Thus, if you are an inexperienced user, it might be better to install a trustworthy antimalware tool on the infected computer. Afterward, launch the tool and perform a full system scan. The software should detect all malicious data on the computer, including other possible threats and you can erase it all by clicking the provided removal button.
Delete CryptoCat Ransomware