Cryptconsole Ransomware

We want to inform you about a newly released ransomware-type program that has been dubbed Cryptconsole Ransomware. This application was configured to encrypt the name and extension of your files to render them inaccessible. However, it does not ask you to pay a ransom. It seems that this program’s developers are not interested in money or this program is still at its development stage, and essential features are still missing. We recommend that you remove this application if it was to remain on your PC, but testing has shown that it should delete itself once the encryption is complete. To find out more about this ransomware, you can read this whole article.

We have found that this particular ransomware was first seen on 2 October 2017. Its origins are unknown, but it is clear as day that it was created by cyber criminals, but their country of origin is unknown. We have received information that the cyber crooks might distribute Cryptconsole Ransomware via malicious emails. Some suggest that they have set up a server that sends email spam automatically to randomly chosen email addresses. The emails most likely contain an attached file that may look like an invoice or something of that nature. It may appear that the attached file is a Word or PDF document and download this ransomware’s executable named “sv.exe” onto your computer when you open it.

If this ransomware manages to get onto your computer, then it will go to work immediately. It is worthy of a note that this particular ransomware does not encrypt the files themselves, but their names and file extensions. This method of encryption is rarely used, but it effective nonetheless. As a result, you will not be able to open your files and changing the name and extension manually will not help the situation. This ransomware uses the AES encryption algorithm which is very strong. However, we have received unconfirmed reports that a free decryption tool might be under way, so you should search for it if your PC happens to be infected with this ransomware.

Our research has shown that Cryptconsole Ransomware was coded in the .Net framework programming language, so cyber security experts can decompile it. After analyzing it, they should come up with a way to develop a decryption key. Note that this ransomware does not encrypt file located in the Windows folder, so your computer will work (to an extent) once your files have become encrypted. As previously mentioned, this ransomware should delete itself after the encryption is complete.

In conclusion, Cryptconsole Ransomware is a highly malicious application that can cause you a lot of problems if it manages to encrypt your personal files. Therefore, you should get an antimalware program to protect your PC from such infections. However, if your PC becomes infected with this particular ransomware, you should remove it and looks for a free decryption tool to get your files back. To get rid of it, we suggest using SpyHunter’s free scanner to detect where “sv.exe” is located and delete it manually. Please consult the guide provided below.

Removal Guide

1. Go to http://www.pcthreat.com/download-sph
2. Download SpyHunter-Installer.exe
3. Install the program and run it.
4. Click Scan Computer Now!
5. Copy the file path of the malware from the scan results.
6. Press Windows+E keys.
7. Enter the file path of the malware in File Explorer’s address box.
8. Press Enter.
9. Find and right-click sv.exe and then click Delete.