Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

CryptoKill Ransomware

CryptoKill Ransomware is a dangerous computer infection that first appeared in February of 2017. This low-grade ransomware is a copy of another ransomware, but it poses a threat to your computer’s security regardless. You have to remove it if you want to continue using your PC safely. Our research has shown that this ransomware does not offer its victims to pay a ransom to get their files back. This may be due to the fact that it is still a work in progress. In this article, we will discuss how this malware is distributed, how it functions and how you can get rid of it, so if it has managed to infect your PC, then we invite you to continue reading.

As mentioned, this new ransomware was first seen in February 2017. Our research has shown that this application is a copy of another low-grade open source ransomware called Hidden-Tear. Both of these programs might have come from the same developers, but we cannot confirm that at this time. Now let us move on to how this application is being distributed.

Our research has revealed that CryptoKill Ransomware is currently being distributed through malicious emails. Indeed, its developers have set up malicious email distribution campaign, and we have found that they have an email server dedicated to spamming unwary would-be victims with fake emails that can pose as tax return forms, receipt, invoices and other emails that typically include an attached file. In this case, the attached file can download this ransomware onto your PC if you open it so, obviously, you should not do that. However, few users are cautious these days, so the rate at which computers become infected with is set to increase.

CryptoKill Ransomware can encrypt many of your personal files, so if you have pictures, videos or documents that are valuable, then this ransomware might encrypt unless they are in a format that this program is unable to encrypt. Nevertheless, it seems that it has been configured to encrypt many file formats and it appends them with the ".crypto" file extension. It uses the AES-256 encryption algorithm to encrypt your files. This encryption method is very strong, and there is no free decryption tool currently available.

Initially, when this ransomware runs for the first time, it searches for the "%userprofile%\documents\test” directory and places a text file named "CRYPTOKILL_README.txt." However, if you do not have the test folder, then this ransomware will not drop the text file. "CRYPTOKILL_README.txt" serves a note, but not a ransom note because it does not provide any instructions on how to pay or get your files back.

So there you have it, now you know what CryptoKill Ransomware does and where it comes from. Now let us move on you how you can get rid of it. We think that this ransomware’s executable can be named randomly and placed anywhere on your PC. Therefore, locating it can be difficult. Therefore, we recommend that you use SpyHunter to detect it and then go to its location to remove it manually. Please consult the guide provided below.

How to delete this ransomware

  1. Go to
  2. Download SpyHunter-Installer.exe
  3. Run the Installation Wizard.
  4. Launch the program once it has been installed.
  5. Select Scan Computer Now! And let is scan the PC.
  6. Then, simultaneously hold down Win+E keys.
  7. Enter the file path from the scan results of the malicious file in the File Explorer’s address box and press Enter.
  8. Right-click the malicious files and click Delete.
  9. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* CryptoKill Ransomware
  • Quick & tested solution for CryptoKill Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.