Cry-trowx Ransomware

If your computer is filled with text documents saying you should write to ismail.kya9595@gmail.com to save your files you probably infected your system with a dangerous malware called Cry-trowx Ransomware. Our researchers found out it is not related to WannaCry Ransomware even though its title might suggest such possibility. This malware does not lock the screen; it encrypts user’s data, marks it with .locked extension, and then scatters copies of the mentioned document among folders containing locked files. The message does not exactly say anything about paying a ransom, but we have no doubt the reply letter would as such malicious applications are usually created for money extortion. However, no matter how important your files seem to be, we would advise you not to deal with hackers if you do not want to risk losing your money in vain. Users who have no wish to give their savings to cyber criminals could erase Cry-trowx Ransomware while following the instructions located below or with a reliable antimalware tool.

Researchers believe Cry-trowx Ransomware should enter the system after opening some suspicious file downloaded from the Internet or received via email. For example, it could be an infected text document, picture, video, software installer, and so on. Therefore, to stay away from similar threats it is recommendable to be more cautious with doubtful files sent by someone you do not know, found on untrustworthy file-sharing web pages or potentially malicious sites, etc. To ensure your computer’s safety you could also acquire a reliable antimalware tool and use it each time before opening a possibly dangerous file by doing a quick scan. Additionally, we would advise keeping away from data sent via Spam emails, unless you know exactly who sent it and why you received it.

According to our specialists, Cry-trowx Ransomware should not create any new data once it enters the system. This means the malware might start encrypting your files the moment you launch a file infected with it. Apparently, it can lock various types of data, for example, text documents, pictures, archives, videos, and so on. The only files the malicious application is supposed to avoid are the ones belonging to Windows or other programs installed on the computer. In any case, the user should not find it difficult to identify encrypted files since the threat might mark them with an additional extension titled .locked, for example, text.docx.locked, nature.jpg.locked, etc. What’s more, each folder containing locked files should have a text document called READ_AND_CRY_tNya48jf.txt. As you can probably guess the last eight characters at the end of the ransom note’s title are random, and so these documents should be titled differently on each infected device.

The message in the described documents should be short and written in English. The first sentence is supposed to say: “Hello All Your Important Files Are Encrypted by CrY.” As for the rest of the message, it asks users to contact Cry-trowx Ransomware’s creators via particular email address (ismail.kya9595@gmail.com). Thus, we can only assume the hackers will ask for a ransom and give instructions on how to make the payment only when the user contacts them. Naturally, we cannot say how much they could ask as we did not try to contact them ourselves, but we doubt it would be wise to put up with any demands. After all, there are no guarantees they will help unlocking encrypted files. On the contrary, once you pay, they could try to extort even more money from you.

For users who do not want to risk their savings, we recommend removing Cry-trowx Ransomware with no hesitation. If you choose to eliminate it manually, you should know the task could appear to be a bit complicated which is why we offer our deletion instructions located at the end of this text. There is one other way to get rid of the malware if you do not feel experienced enough or merely wish to check the system for other possible threats as well. What we mean is deletion with a reliable antimalware tool. Users who pick this option should simply install a tool they prefer, do a full system scan, and then wait till they see a report and a removal button.

Remove Cry-trowx Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. See if you can find the malicious program’s launcher.
9. Right-click the suspicious file and press Delete.
10. Then find and erase files titled READ_AND_CRY_tNya48jf.txt or similarly.
11. Close File Explorer.
12. Empty your Recycle bin.
13. Reboot the system.