Kripto64 Ransomware

Malware analysts have detected a new dangerous computer infection - Kripto64 Ransomware. It is based on the engine of an open-source ransomware Hidden-Tear, but, unlike this ransomware infection, it does not currently encrypt files. As a consequence, researchers at pcthreat.com believe that the server of this infection is already down and it is no longer active. Also, this might indicate that it is a poorly-made ransomware. In any event, it needs to be erased from the system because it might be updated soon without your knowledge and then lock personal files, including images, videos, and documents. Has this already happened to you? If you are sure that you cannot access your important files because of the entrance of Kripto64 Ransomware, you need to delete this infection too. It will try to convince you to send a certain amount of money in exchange for the decryption tool, but you should erase this infection and then try to unlock those files using other methods, e.g. use a free data recovery tool or restore files from a backup. Sending money to cyber criminals to get the decryption tool might seem to be the easiest way to unlock the encrypted data; however, the problem with this method is that you might get nothing from them.

Judging from the language Kripto64 Ransomware uses, it primarily targets Turkish-speaking computer users. Of course, this does not mean that users living in other countries are safe and have no chance of encountering this infection. Just like older ransomware-type infections, e.g. Cradle Ransomware, Final Ransomware, and AngryKite Ransomware, Kripto64 Ransomware illegally enters computers. It should encrypt users’ files and then open a black window containing the information for users. Our files stayed unencrypted, but it does not mean that your files will not be touched too. Either way, do not even consider paying 500TL (~134 USD) to cyber criminals to get the decryption tool. In fact, it might not be even possible to make a payment because no payment details are provided. This proves again that Kripto64 Ransomware is poorly-made, or it is still in the development phase. If your files have been encrypted but you cannot transfer money to cyber criminals, you can wait for a free decryption tool to become available, or you can try to restore your data from a backup. It will not be possible to do that if this backup is stored on the computer because, most likely, it has been encrypted too. You could also not do that if you have never backed up your file, i.e. a backup does not exist. This is the only thing you can do because it is extremely hard, or maybe even impossible, to crack the AES encryption used by Kripto64 Ransomware.

Researchers have found that this ransomware infection is usually spread through spam emails and their attachments. Kripto64 Ransomware enters the system only when a malicious attachment is opened. Once it is inside the system, it does not create a point of execution (PoE), drop files, or apply changes in the system registry. Evidently, it is not the most sophisticated malicious application. It, of course, does not mean that ransomware infections applying many changes do not exist. They not only encrypt users’ files, but also make it extremely difficult to remove them. Consequently, users must have security software enabled on their computers to prevent them from entering their systems. They should also not forget that spam emails might promote malicious software and, because of this, it is better to ignore them all.

If you have found your files encrypted, the Kripto64 Ransomware removal will not change their status, but it is still a must to eliminate this ransomware infection to protect future files. As has already been mentioned in this article, this infection is not that kind of threat which applies important changes on the computer after the entrance. As a consequence, it should be enough to delete the malicious file launched to close it. Most probably, it is located in the Downloads folder or on Desktop; however, if it happens that you cannot find it anywhere, you should scan your computer with a reputable antimalware scanner, such as SpyHunter. It will find and delete all malicious components for you thus making ransomware gone.

Delete Kripto64 Ransomware

1. Click X on the black window opened by Kripto64 Ransomware.
2. Press Win+E to launch the Windows Explorer.
3. Check these two directories (enter a directory in the address bar of Windows Explorer to open it): %USERPROFILE%\Downloads and %USERPROFILE%\Desktop.
4. Delete the malicious file you find.