Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ctf Ransomware

Ctf Ransomware is a new crypto-threat developed in April, 2017. Like similar threats, it is capable of encrypting files, but, luckily, the chances to encounter it are very low, according to researchers at, because it is an educational ransomware. In other words, it is not disseminated by cyber criminals with the intention of obtaining money from users easily. Unfortunately, we cannot promise that it will never show up on your computer because cyber criminals might start disseminating it actively one day. Are you reading this article because you have already discovered this infection on your computer and your files have been encrypted? If so, delete this threat without hesitation. At the time of writing, it is impossible to purchase the decryption key (there is no information about the payment provided to users), so users who encounter Ctf Ransomware usually believe that they have lost their files forever. Luckily, it is not true. If you ever encounter this threat and it encrypts your important files, you can decrypt them for free – our specialists have checked the source code of this infection and prepared decryption instructions. Use them to decrypt your files first and then go to eliminate this ransomware-type infection from your PC.

Although Ctf Ransomware has originally been developed for educational purposes and it is not distributed actively by cyber criminals, it might still find a way to slither onto your computer, e.g. you might download it from an untrustworthy page without even realizing that. If Ctf Ransomware ever enters your computer successfully, it will encrypt two folders: %USERPROFILE%\Documents and %USERPROFILE%\Desktop. Luckily, it does not touch other files, so you should not lose many of them. In addition, since system files will be left untouched, your PC will continue working smoothly. After the encryption of .doc, .txt, .pptx, .txt, .py, .c, .cpp, .h, and other files, this threat opens a window with three words “Hello… It’s me…” and a box “Enter Decryption Key” at the bottom. In addition, it drops a .jpg file whose original name “If you want to decrypt your files, you should inspect into the file” is encrypted with Base64 leaving it monstrous-looking: SWYgeW91IHdhbnQgdG8gZGVjcnlwdCB5b3VyIGZpbGVzLCB5b3Ugc2hvdWxkIGluc3BlY3QgaW50byB0aGUgZmlsZQ==.jpg. Fortunately, as mentioned in the previous paragraph, it is not likely at all that many users will find this infection on their computers, but, unfortunately, we cannot guarantee that you will not become one of its victims. Also, we cannot promise that it will not be updated and cyber criminals will not start using it to extract money from users.

Have you already found your files encrypted? If yes, you have only two options: you can go to decrypt files using our instructions (find them below this article) and then go to delete ransomware from the system or recover files from a backup. The latter method will be your only hope to get files back if you encounter more sophisticated ransomware infections in the future – it is usually impossible to decrypt files locked by ransomware without the special decryption key cyber criminals offer users to purchase from them.

It is hard to say something about the distribution of Ctf Ransomware because it is not actively spread at the time of writing; however, if it is ever updated by cyber criminals and they start using it as a tool for getting easy money, it will, most probably, travel as an attachment in spam emails. It is one of the most popular ransomware distribution methods, but, of course, other tactics might be adopted too. Even experienced users find it hard to protect their PCs from malicious software, so there is no doubt that inexperienced users will find this a challenging task too. Therefore, security specialists suggest using a legitimate automatic tool for protecting the computer and files.

First, go to remove the .ctf extension from files Ctf Ransomware has touched – decrypt them using our manual removal guide located below this article. Second, delete the ransomware infection fully. We do not think that many users will need instructions explaining how to remove this threat, but we have still placed them below just in case. Feel free to use our removal guide if Ctf Ransomware ever gets onto your computer or, alternatively, use an automatic malware remover to delete it automatically.

Ctf Ransomware manual removal guide

  1. Tap Ctrl+Shift+Esc.
  2. Click on the Processes tab.
  3. Find the process representing ransomware (it will have svchost in its description).
  4. Right-click on this process and select End Process.
  5. Delete suspicious files from %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, and %TEMP% directories.
  6. Empty the Recycle bin.

Unlock files Ctf Ransomware has encrypted

  1. Tap Win+R.
  2. Enter cmd in the box and click OK.
  3. Type getmac and press Enter on your keyboard.
  4. Copy the first physical address, e.g. 74-D5-35-42-D3-75 and remove dashes leaving it something like this: 74D53542D375.
  5. Compute MD5 of your MAC address using an online tool (e.g.
  6. Copy the generated MD5 and use it as a decryption key, i.e. enter it the box (it is located on the window opened by Ctf Ransomware) and click Decrypt.
Download Spyware Removal Tool to Remove* Ctf Ransomware
  • Quick & tested solution for Ctf Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.