Remove Cryptorium Ransomware

How to Remove Cryptorium Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

CRYPTORIUM
Oh no, you had bad luck today. All your files are encrypted!
But! I have not deleted them yet! Purchase a “GBO KEY” to decrypt your files.
If not all encrypted files will be permanently deleted within 32h and then there is no way to recover them!
Be quick or no files!
*All servers are down at the moment!
You will have to find it out!
Oh and the gbo keys are all generated randomly! >:] “DECRYPT WITH CODE”


As its name implies, Cryptorium is a file-encrypting program. This nuisance belongs to one particularly harmful family of parasites. Ransomware. Every single PC user who’s had to deal with ransomware knows exactly why it’s dreaded. File-encrypting viruses are among the most problematic programs out there. To put it mildly, you’ve been quite unfortunate to get stuck with ransomware. It goes without saying you have to take measures as soon as possible. The Cryptorium virus pretty much follows the classic ransomware pattern. By using the AES-256 encrypting algorithm, it locks your files. Voila. In no department is this parasite original. Most ransomware infections actually work the same way. If you’ve seen one, you’ve seen them all.

The parasite’s tricks start immediately after installation. For starters, Cryptorium performs a thorough scan of your PC system. All ransomware parasites do that in order to find your private files. Unfortunately, they successfully locate all the information you’ve stored on the machine. Cryptorium easily finds all your personal files. We’re talking photos, music, various pictures and videos, documents, presentations. You already know what the next step is, don’t you? Encryption. Thanks to its strong encrypting cipher, Cryptorium locks all your data. This pest doesn’t add an extension to the encrypted files like some infections do. However, it holds your data hostage the way every ransomware virus does.

As you could imagine, this is part of the parasite’s shenanigans. Hackers only have one reason to encrypt your files and it involves money. You see, while locking your data, the virus creates payment instructions. You can find them in all the folders that contain encrypted files. Your desktop wallpaper gets modified as well. Now that hackers have your attention, they start playing mind games with you. The ransom messages you see are quite aggravating. According to these notes, there is only one way to free your encrypted files.
Obviously, it involves you paying a certain sum of money in Bitcoins. Crooks offer you a deal. You pay the ransom and they provide you with a special decryptor which allows you to unlock your data. The problem is, hackers were never famous for playing by the rules. Ransomware is just a clever attempt at cyber fraud, so you must be very careful. One single wrong move may cost you a hefty sum of money.

How did I get infected?

Cryptorium travels the Web via an illegitimate version of FIFA 2017. That means it lies to your face and deceives you. To protect your machine from ransomware, stay away from anything suspicious-looking online. Pay attention. For instance, avoid unverified websites, third-party ads and unreliable torrents. Those usually pose a threat to your safety. In addition, parasites often travel the Web with the help of Trojans. That means you might have more malware on board to be worried about. Check out your PC; Cryptorium might be having some company. Another trick involves spam messages and spam email attachments. If you open a rogue message/email, you automatically let the virus behind it loose. As a result, you compromise your own computer. To prevent that, delete what you don’t trust instead of clicking it open. Take care of your security before it’s too late. Prevention is a lot easier than having to remove malware afterwards. Therefore, be careful. Last but not least, ransomware may get installed via an exploit kit or a freeware bundle.

Why is Cryptorium dangerous?

The Cryptorium Virus exhibits a rich variety of malicious traits. As mentioned, this pest aims at your bank account. By locking your data, it attempts to blackmail you. Many PC users panic when all their private files get encrypted out of the blue. However, keep in mind this is nothing but a cyber fraud. Do not let hackers scam you and do not pay anything. Furthermore, Cryptorium’s servers are down at the moment. You will read this in the parasite’s stubborn ransom messages. With its servers down, you can’t receive any decryption key in exchange for your Bitcoins. Hackers claim you only have 32 hours to make the payment. Yes, you have a deadline. It’s cheap tricks like this one that are the reason why ransomware is so devastating. File-encrypting parasites are a complete and utter pest so take action. To delete the virus manually, please follow our detailed removal guide down below.

Cryptorium Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Cryptorium Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.
  • Before you kill the process, type the name in a text document for later reference.

  • Locate any suspicious processes associated with Cryptorium encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process may be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Cryptorium encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Please keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run a professional scanner to identify malicious files.
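The checks in STEP 1 and STEP 3 can be run as a single read-only listing. The PowerShell below is an added example, not part of the original guide; it assumes that executables started from %APPDATA% or %LOCALAPPDATA% are the ones worth reviewing (the %LOCALAPPDATA% check is this example's own addition), and it deletes nothing.

```powershell
# Added example: read-only triage of the three Run keys and %APPDATA% from STEP 3.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$Command) {
    # Run values are command lines: "C:\path\app.exe" /arg  or  C:\path\app.exe /arg
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-UnderAppData([string]$Path) {
    # Assumption of this example: images in the per-user data folders get flagged.
    foreach ($root in @($env:APPDATA, $env:LOCALAPPDATA)) {
        if ($root -and $Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # Wow6432Node is absent on x86
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        if (-not $exe) { continue }              # skip empty values
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Exe       = $exe
            InAppData = Test-UnderAppData $exe
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
        }
    }
}

# Running processes whose image sits in the same folders (the STEP 1 check).
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and (Test-UnderAppData $_.ExecutablePath) } |
    Select-Object ProcessId, Name, ExecutablePath

$autoruns | Sort-Object InAppData -Descending | Format-Table -AutoSize
$procs | Format-Table -AutoSize
```

Legitimate software also starts from these folders, so a flagged entry with a valid signature is a prompt to look closer, not a verdict. Run it as the affected user so that HKCU refers to that user's hive.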

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
