Cry Ransomware Removal Guide

Do you know what Cry Ransomware is?

If you have been lucky so far and no ransomware has invaded your computer, Cry Ransomware will definitely shock you. This infection can encrypt a lot of your photos, music files, and documents and you may lose these files forever unless you are ready to pay the ransom fee. You are supposed to get the unique private key and decryption software in return. However, this is not what usually happens when you deal with such cyber criminals who are behind an attack like this. Of course, it is possible that this time you are lucky and got hit by “nice” crooks who actually want to give you something for your money. But you should know that experience shows that this rarely happens. Your best chance to be able to restore your files is to have a backup saved on an external HDD or Flash drive. In any case, you cannot leave such a dangerous program on your computer if you intend to use it. Therefore, we are here to share with you how you can remove Cry Ransomware. Furthermore, we will also tell you more about this malware infection based on the tests our researchers have made in our internal lab.

This threat is similar to a lot of ransomware infections in several aspects. One of these is definitely the method used for its distribution. Our researchers have found that Cry Ransomware mainly spreads as a file attachment in spam e-mails. You may think now that “Oh, I would never open such a mail” but the truth is, if this ransomware hit you, not only did you have to open a spam mail but you must have downloaded and run the attached malicious file as well. Simply, there is no other way for this infection to infiltrate your system.

Unfortunately, these criminals count on the natural curiosity of people and this is how they can make you open their fake message. Most of the time it is not the biggest mistake though. But it is important for us to mention that certain infections can run a malicious code and drop a dangerous threat onto your system simply after you open the infectious mail. Yet, most often you need to download and view the attached file to activate the infection. So next time you find a mail in your inbox that suspiciously refers to an unpaid invoice, a wrongly made flight booking, mistakes with a credit card settlement you cannot relate to, you should be doubtful and double-check with the sender if the mail was really meant for you. Because if you are curious enough to see this alleged overdue invoice or whatever document is attached, it will be too late for you to delete Cry Ransomware; your files will have already been encrypted by the time you may realize that this infection has hit you.Cry Ransomware Removal GuideCry Ransomware screenshot
Scroll down for full removal instructions

This ransomware claims to use a “persistent military-grade crypto algorithm” called RSA-4096. You should know that these crooks are definitely right about one thing: It is impossible to decipher your files without the uniquely generated private key. This program attacks the following extensions: .bat, .txt, .log, .dat, .mp3, .jpg, .wmv, .bmp, .xml, .html, .css, and .js. The main targets are the %Homedrive%, %Allusersprofile%, and %Public% folders. This means that you could lose most of your photos, videos, and other program files in this invasion unless you make regular copies onto removable media. When this vicious program finishes its encryption, it displays its warning message, which is an .html file “hidden” in the %Temp% folder. This message is rather long; way longer than the usual few sentences. This note informs you about the attack and how you can tackle this crisis.

You are given three website URLs and you are to visit one of them. You need to use the personal ID you get in the ransom note to log in to these sites. Once you do so, you may get a bit worried because this site looks like an official site for the “Central Security Treaty Organization,” namely its department of pre-trial settlement. This may all sound very serious and definitely tricks a lot of users into paying up right away. Speaking of which, the ransom fee is 93 USD in this case, which cannot be called high when compared to the usual 100 to 1000 USD price. Just like in most cases, you are supposed to transfer this money in Bitcoins to a provided address. These criminals give you a chance to see that they are to be trusted and you can actually decrypt one of your files on this website. Obviously, you are promised to get the private key and the decryption tool once your transfer is confirmed. We cannot say that it is impossible that these criminals will give you what you need for this price, but we also do not want you to have high hopes. Should you decide to pay the fee, do not remove Cry Ransomware until you recover all your files.

Finally, it is time for us to give you a helping hand if you want to eliminate Cry Ransomware. While some ransomware programs may not be able to be deleted manually, this malware infection is quite easy to detect. If you do not mind getting your hands dirty a bit, please use our guide as a reference. But we know that not all users are up for manual removal. Therefore, we recommend that you clean and protect your computer with a trustworthy anti-malware program. But even if you decide to do so, it is also important that you keep all your programs and drivers always up-to-date to make sure that cyber criminals have a harder time to access your computer and your files.

Remove Cry Ransomware from Windows

  1. Press Win+E.
  2. Delete the malicious file you downloaded from the spam mail.
  3. Then, delete these files:
    %ALLUSERSPROFILE%\Start Menu\Programs\*.lnk
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\*.lnk
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\*.lnk
  4. Empty the Recycle Bin and reboot your computer.

In non-techie terms:

Cry Ransomware is a new dangerous threat that can take away all your personal files in a matter of a minute if it manages to sneak onto your computer. This ransomware is practically impossible to crack; at least, there are no tools to recover your encrypted files after the attack unless you pay the relatively low ransom fee (93 USD) to these crooks. While this could be your only chance to restore your files, we would still ask you to be very cautious. But no matter how you decide in the end, one thing is sure: You must remove Cry Ransomware from your computer if you ever want to use it again securely. If you want automatic protection for your PC, we suggest that you do your research to find a reliable security tool, such as SpyHunter, and install it as soon as possible.