CryptoDevil Ransomware Removal Guide

Do you know what CryptoDevil Ransomware is?

CryptoDevil Ransomware is a ransomware-type infection developed for educational purposes. Although it, originally, has no intentions of causing problems to users, cyber criminals have started distributing it as a tool for obtaining money from users, so do not be surprised if it ever shows up on your computer too. Luckily, unlike typical ransomware infections – Kirk Ransomware, Zinocrypt Ransomware, and Lick Ransomware – it works from the place it has been launched and encrypts files located in this particular directory only. For the time being, it targets users’ documents, pictures, text files, and even .exe files, which suggests that users might no longer be able to access several programs too. Without the smallest doubt, this ransomware infection seeks to obtain money from users too. Do not give people behind it a cent because CryptoDevil Ransomware can be deleted manually and those encrypted files can be unlocked for free by entering the code dm9jZWV1bWZyYWNhc3NhZG8= (unfortunately, the unlock key might be changed and no longer work after some time) in the box located at the bottom of the red window launched by the ransomware infection.

After the encryption of files placed in a certain place, e.g. %PROGRAMFILES% (%PROGRAMFILES(x86)%) and %USERPROFILE%\Desktop, CryptoDevil Ransomware opens a “Ransomware Decrypter Panel” window for users. Users are first told that their files have been encrypted, and then they find out that they need to buy a special key to decrypt them. There are also three yellow buttons on this window at the upper part: Payment, Key Price, and About. Our specialists have checked all of them. If users click on the Payment button, they get instructions to click on a link, purchase Bitcoins, and then contact the author of CryptoDevil Ransomware by writing an email to contactcryptdevil@gmail.com. Strangely, although users are asked to pay a ransom in Bitcoins, the provided link redirects them to coinbase.com. The second button, Key Price, opens a pricelist. The price of the decryption key depends on how quickly a user pays money, so it varies from $20 to $100. Finally, the About button opens some information about the ransomware, e.g. creator’s nickname and the email address it uses. On top of that, there is a quote at its lower part.CryptoDevil Ransomware Removal GuideCryptoDevil Ransomware screenshot
Scroll down for full removal instructions

Do not send cyber criminals your money because a) there are no guarantees that they will give you the key for unlocking your files in return and b) it is possible to decrypt those files, i.e. remove the appended extension .devil from all of them by entering the unlock code. In case the code changes and you do not want to pay money to cyber criminals, restore those encrypted files from a backup after the full removal of CryptoDevil Ransomware. This is the only free method that always works.

At the time of writing, specialists have only several reports regarding the entrance of CryptoDevil Ransomware in their hands, which shows that its infection rate is still quite small. Because of this, it is not so easy to say how this ransomware infection is usually distributed too. Of course, specialists still have a theory. They believe that this malicious application is distributed just like similar threats are, i.e. it is spread as an attachment in spam emails. Users do not install the ransomware infection by opening a spam email. They need to download the email attachment in order to allow it to enter their computers. Evidently, there are people who have already done that.

We hope that you have understood that keeping CryptoDevil Ransomware inside a system is a bad idea. If yes, delete it from your computer today. First, you need to close the window opened on your Desktop. Press Alt+F4 or enter dm9jZWV1bWZyYWNhc3NhZG8= in the “Insert This Key” box at the bottom of the ransomware window and click Decrypt. Then, malicious recently downloaded files need to be erased. You will have to find their location yourself, but you should start by checking two popular directories %USERPROFILE%\Downloads and %USERPROFILE%\Desktop. If you cannot find it anywhere, let a reputable antimalware tool help you.

Delete CryptoDevil Ransomware manually

  1. Press Alt+F4 or enter dm9jZWV1bWZyYWNhc3NhZG8= in the box located on the ransomware window.
  2. Press Win+E when the red window of CryptoDevil Ransomware is gone from Desktop.
  3. Search for recently downloaded malicious files (check %USERPROFILE%\Downloads and %USERPROFILE%\Desktop first).
  4. Delete those files.
  5. Empty the Trash bin.
  6. Perform a system scan with a reputable antimalware scanner.

In non-techie terms:

CryptoDevil Ransomware is, without a doubt, a nasty infection which shows up on users’ computers with the intention of getting money from them. Although it has been developed for educational purposes, there are users who already have it on their PCs, which shows that cyber criminals have started distributing it. If it ever shows up on your computer too, do not send the required money for the decryption key by any means because it is possible to remove the window left by ransomware on Desktop, decrypt files, and erase this computer infection without the special key cyber criminals claim to have.