CryForMe Ransomware Removal Guide

Do you know what CryForMe Ransomware is?

It takes just one look at the name to say that this program is yet another ransomware infection. Our research team says that the program might be still in development, so it is not clear how many systems will have been infected by CryForMe Ransomware once the program is fully operational. Nevertheless, if you see that your system has been infected with this application, you need to remove CryForMe Ransomware immediately. It might not be possible to restore the encrypted files, but your main priority should be your computer’s stability.

There are ransomware programs that are built from scratch, and there are infections that are already based on something. CryForMe Ransomware is a computer infection that is based on the Hidden Tear ransomware program. Hidden Tear ransomware is an open-source program, which means that its code is available for anyone out in the open, as long as they know how to access the domain that hosts it. Consequently, there are quite a few ransomware programs based on this Hidden Tear code. To name just a few, the list includes Executioner Ransomware, R4bb010ck Ransomware, Resurrection Ransomware, and others.

The difference between ransomware and other programs that might be based on the same code is that once you customize your ransomware infection code, the program basically works as a stand-alone infection. It means that even though several programs have the same roots, the infections cannot be treated with the same remedy. Hence, if one decryption tool worked for one program, it will not work on CryForMe Ransomware. Unfortunately, since the infection is still new, there is no public decryption tool that would be available for you. Thus, it means that you might have to retrieve your files the old-fashioned way: from your external backup.

We have recently discussed a program based on Hidden Tear ransomware that was targeting the Dutch market. Although the ransom message on CryForMe Ransomware has not been changed yet, evidence shows that the program might be in development for the Italian market. When programs are intended for specific markets, they do not spread too far, and that is also another reason it might be hard to get a public decryption tool: Researchers tend to focus on wide-spread infections that affect thousands of users worldwide. It is rather discouraging, considering that this ransomware program works just like any other notorious infection out there.

When it enters your computer, it displays a blue window with the instructions on how to restore your files. You can be sure that this program will have your picture and document format files encrypted. You can check it by going through your files yourself. The encrypted files will have the .locker or .cryforme extensions added to their filenames. The infection will also ask you to pay 250EUR in Bitcoins for the decryption. Like most of the ransomware programs, it gives you several deadlines. One deadline says that the payment will be raised if you fail to transfer the deposit until the given date, and the final deadline threatens that your files will be deleted for good.

Does CryForMe Ransomware restore your files if the payment is transferred? That is highly unlikely. Of course, there are ransomware programs out there that do relay the decryption code once they get the money, but for the most part, the connection between the infection’s command and control center and your computer might be too shaky for decent communication. In fact, it is far more likely that the criminals will collect the money and just scram. Hence, you should not consider paying a single cent.

The program does not drop any additional instruction files or its own executable files. It makes it easier to remove CryForMe Ransomware from your system. You just need to delete the suspicious files you have recently launched or downloaded. The ransomware installer’s filename can be completely random, so it might help if you remembered the file you opened right before the infection manifested itself.

If you are not sure which files you have to remove, please scan your computer with the SpyHunter free scanner. This will also allow you to locate other undesirable products (if present), and you will be able to fully protect your PC from harm.

How to Remove CryForMe Ransomware

  1. Open your Downloads folder.
  2. Look for unfamiliar executable files.
  3. Delete the files.
  4. Scan your computer with a security tool.

In non-techie terms:

CryForMe Ransomware is a malicious infection that intends to make some easy money. It will bully you into paying the ransom for your encrypted files. However, computer security experts recommend restoring your files from a file backup (either external or cloud). You should not consider paying the ransom because that would only encourage the criminals behind this to continue with their malicious acts. Remove CryForMe Ransomware right now and make sure you avoid similar infections in the future.