CryMore Ransomware Removal Guide

Do you know what CryMore Ransomware is?

CryMore Ransomware is one of the newest ransomware-type infections detected by our specialists. This malicious application has fallen into this category because it demands money and claims that it has encrypted all users’ files using the AES encryption algorithm in order to make them pay money. The majority of ransomware infections really encrypt users’ personal files (e.g. pictures, documents, and media files), but, frankly speaking, CryMore Ransomware is not one of them even though it opens a window on a user’s Desktop after the successful infiltration claiming that files have already been locked. Of course, there is a possibility that our specialists have tested a version that does not work properly. On top of that, CryMore Ransomware might still be in development. In this case, cyber criminals might finish it one day, and, if this happens, it might start encrypting users’ files. No matter which version of this nasty infection you have encountered, delete it from your system without consideration, and do not even think about sending money to cyber criminals. Transferring money is always a bad idea no matter your files have been encrypted or they are fine.

Our experienced specialists first detected CryMore Ransomware at the beginning of June, 2017. Although some time has passed since its first detection, it is still not a prevalent threat at the time of writing. Of course, it might illegally arrive on your computer one day. If this happens, you will find a window opened on your Desktop. It will tell you that “all your files are encrypted by CryMore using a strong method.” Although the message located on the opened window contains a ton of mistakes, it is not hard to understand what cyber criminals want to tell users. First, users are told that their files have been locked, and then they find out that they need a “password” to decrypt their files. Of course, it can only be purchased from cyber criminals behind the ransomware infection. The exact amount of money required is unknown. Victims are told that they could unlock their files only if they send a ransom in Bitcoins. This has to be done before the clock reaches zero. It does not mean that your files have been encrypted if you see this window on your Desktop, so do not hurry to send money to cyber criminals. Actually, if you encounter the version of CryMore Ransomware our specialists analyzed, you could not even send cyber criminals money even if you want to – there are no instructions provided to users. Of course, newer versions of this threat might act in a different way. Either way, you should not send cyber criminals a cent even if you find your files encrypted.

We are going to help you remove this malicious application from your PC in the last paragraph of this article, but before we do that, we want you to know more about the distribution of ransomware infections so that it would be easier to prevent other crypto-threats from slithering onto the system for you. Although it is not very easy to talk about the dissemination of CryMore Ransomware, specialists are 99% sure that it is distributed via spam emails mainly. It is spread as an attachment in these emails, but it does not look harmful at first glance, so users open these attachments and allow a ransomware infection to enter their computers without knowing anything about that. You must be more careful in the future. If you are not going to change your habits, at least install a security application on your computer.

Have you encountered CryMore Ransomware? If so, delete it no matter it has locked your files or not. You will, first of all, need to close its window by tapping Alt+F4 or killing the malicious process. Second, you will need to find and delete all suspicious files. Our manual removal guide (find it below this article) should help you to take care of this infection.

How to delete CryMore Ransomware

  1. Tap Ctrl+Shift+Esc.
  2. Click Processes to open the list of all processes.
  3. Right-click on the undesirable process representing ransomware and click End Process.
  4. Delete suspicious files you find in such directories as %TEMP%, %APPDATA%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop.
  5. Empty the Recycle bin.

In non-techie terms:

Ransomware infections are such threats which illegally enter computers and then encrypt users’ files. CryMore Ransomware is one of these threats, but, luckily, at the time of writing, it does not lock data. It does not mean that keeping it active on the system is a good idea because it might be updated one day and then make it impossible to access personal files. Do not forget to take care of other infections active on your computer too.