Cry36 Ransomware Removal Guide

Do you know what Cry36 Ransomware is?

Our research team confirms that Cry36 Ransomware comes from the same family as the following infections: Cry9 Ransomware, Cry128 Ransomware, Dharma Ransomware, and Crypton Ransomware. Therefore, there are some similarities between these malicious applications, although the newest addition to this family appears to be rather different from its previous versions. As you continue reading our report, we will tell you more details about this malware, so if you are eager to get to know the threat better, we encourage you to have a look at the rest of the article. Since we believe it is best not to deal with the hackers, especially if you do not wish to risk your savings or get scammed, we recommend erasing Cry36 Ransomware as fast as possible. To assist our readers in this task, we are adding a removal guide below the main text.

Quite often, ransomware is distributed through malicious software installers or infected email attachments, but in this case, it is possible Cry36 Ransomware could be spread by breaking into the user’s system too. Some victims’ reports say they noticed their antivirus tool was uninstalled right before the malware appeared on the computer. Without the security tool, the system would be defenseless, and the PC could get infected. In such a case, the hackers would only need to drop the threat’s installer onto the computer they gained access to and launch it. If the system was hacked, it most likely had some weak points, e.g. an outdated operating system or other software on the computer, weak passwords, and so on. Thus, it is important to keep all of your tools fully updated and change passwords from time to time.

When the computer gets infected with Cry36 Ransomware, the malware may create a copy of itself in the %APPDATA% directory. To make the malicious application auto-start with the operating system, the threat could also create a new entry in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run location. Afterward, the infection should start encrypting your valuable data, e.g. photos, pictures, archives, videos, documents, etc. All of these files might be marked with a specific extension, so you should easily be able to separate the damaged data from data that did not get encrypted, such as program files or data belonging to the system. This particular extension could consist of the user’s unique ID and the hackers’ email address.

What happens when Cry36 Ransomware finishes encrypting its targeted files? Once this process is over, the user should receive a ransom note demanding payment to the hackers for a decryption tool. If you are considering such an option, we should warn you there are no guarantees the malware’s creators will live up to their end of the deal. There is also no knowing how much money will be enough for them, as they could ask for more even after you have already paid the requested ransom. For this reason, our researchers advise not to deal with the cyber criminals and to get rid of the malicious application instead.

Deleting Cry36 Ransomware will not decipher locked data, but there are always other ways to retrieve it, e.g. copies on removable media devices, various recovery tools, etc. Plus, given time, volunteer IT specialists might be able to create a free decryption tool available to anyone. If you would rather try these alternatives than risk losing your money, we encourage you to use the removal guide located below and get rid of this malware, although we cannot guarantee its steps will work for everyone. This is why we would additionally advise users to scan their system with a reputable antimalware tool. If any data related to the infection or any other threats are left on the computer, the antimalware software will help you remove them.

Erase Cry36 Ransomware

  1. Launch Task Manager (Ctrl+Alt+Delete).
  2. Click the Process tab and see if you can find any suspicious processes.
  3. Select a process possibly related to the malware and press End Task.
  4. Close the Task Manager and open File Explorer (Windows Key+E).
  5. If the device might have been infected because you launched a suspicious file, go to the Downloads, Temporary Files, Desktop, or other folders where such a file could have been saved.
  6. Right-click the infection’s installer and press Delete.
  7. Insert %APPDATA% into the Explorer’s address bar and press Enter.
  8. Locate the threat’s copy, right-click it and select Delete.
  9. Close the Explorer, then press Windows Key+R, type Regedit and choose OK.
  10. Navigate to the listed paths:
    HKCU\Software
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  11. Look for value names that could be related to the malicious application.
  12. Right-click such value names and press Delete.
  13. Close the Registry Editor.
  14. Empty the Recycle Bin.
  15. Restart the computer.
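
To make steps 7 to 12 easier to review, the following PowerShell sketch lists every value in the HKCU Run key, resolves the file it launches, and marks entries whose target sits under %APPDATA%. It is an added example, not part of the original guide; it only reads and deletes nothing. The function name `Get-RunKeyAppDataEntry` is hypothetical, and treating an %APPDATA% target as worth a closer look is an assumption, since legitimate programs also start from there.

```powershell
# Added example: read-only review of the HKCU Run key described in the guide.
# Get-RunKeyAppDataEntry is a hypothetical helper name, not part of any tool.
function Get-RunKeyAppDataEntry {
    [CmdletBinding()]
    param(
        [string]$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )

    $appData = [Environment]::GetFolderPath('ApplicationData')   # resolves %APPDATA%
    $key = Get-Item -LiteralPath $RunKey -ErrorAction Stop

    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so REG_EXPAND_SZ variables stay visible, then expand them
        $raw = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # Pull the launched file out of the command line (quoted path first)
        if ($expanded -match '^\s*"([^"]+)"') {
            $path = $Matches[1]
        } elseif ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') {
            $path = $Matches[1]
        } else {
            $path = ($expanded.Trim() -split '\s+')[0]
        }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            ValueName = $name
            Command   = $raw
            Target    = $path
            # Assumption: a target under %APPDATA% deserves manual review
            InAppData = $path.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)
            Exists    = $exists
            Created   = if ($exists) { (Get-Item -LiteralPath $path -Force).CreationTime }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        }
    }
}

# List the entries that launch something from %APPDATA% for manual review
Get-RunKeyAppDataEntry | Where-Object InAppData | Format-List
```

An unsigned file with a recent creation time under %APPDATA% is the kind of entry to examine before deleting the value in Registry Editor.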

In non-techie terms:

Cry36 Ransomware is a malicious file-encrypting infection that was created for only one reason: to extort money from users who receive the malicious application. For now, it is still unknown how much the cyber criminals expect to receive from their victims, but we would not recommend paying even if the sum appears to be small, since hackers could always ask for more and, in the end, you may not even get the promised decryptor. Thus, we believe the safest option is to ignore the demands and erase this malware. If you are not willing to risk your savings either, we advise you to eliminate the infection with the removal guide placed above this paragraph or a reputable antimalware tool you can trust.