CryptoJacky Ransomware Removal Guide

Do you know what CryptoJacky Ransomware?

CryptoJacky Ransomware is a ransomware that was created for distribution is Spanish-speaking countries. Nevertheless, it can end up on your computer regardless of where you live, so knowing what it is all about it crucial. If your PC becomes infected with this ransomware, then you ought to remove it as soon as possible. Its main objective is to encrypt your personal files and then demand that you pay money for the decryption password. However, you should refrain from paying it as it might be not worth your files. Moreover, the cyber criminals might not give you the decryption tool once you have paid.

According to our malware analysts the main executable of this ransomware does not create any additional files, so we got a pretty good idea of how it might be distributed. Researchers say that its developers might have set up an email server dedicated to sending email spam to random email addresses. The main executable that can be named randomly might have a double extension, so it might look like a Word document, picture, file archive or a PDF file while actually being an executable (.exe) file. The file might be zipped, and if you extract and run it then, the game is up, and there is almost nothing you can do.

If you launch CryptoJacky Ransomware, then it will spring into action immediately and show you a window that says that Ransom_ph! Has detected “immoral activity” and, therefore, has deprived you of your right to access your files. Then this ransomware will scan your PC for encryptable files. It should not encrypt all of your files and should skip a great deal of them in order to keep your PC running. This particular program encrypts file extensions that are most likely to contain personal information, so any file formats that hold documents, pictures, images, and videos are targeted by this ransomware.CryptoJacky Ransomware Removal GuideCryptoJacky Ransomware screenshot
Scroll down for full removal instructions

Once the encryption is complete, CryptoJacky Ransomware will drop a ransom payment instructions note in Spanish. When you click OK, it will show another window with a dialog box for entering the decryption password. The cyber criminals want you to buy 250 Euros-worth of Bitcoins and send them to their Bitcoin wallet at lH7YGm35zVJWU4GrqZ2nq4kDvXNfkwfhxd. After you send the money, you are required to send an email to ransom_ph@mail2noble.com letting the criminals know that you have paid, and they will send you the decryption key but it is possible that they will not do that as well.

CryptoJacky Ransomware is a ransomware-type computer infection which makes it highly malicious. It was developed by cyber criminals based in Spain and is in the Spanish language so it should be distributed in Spanish-speaking countries only. It can encrypt your files and render them useless and then demand money for the decryption password. You should not pay the ransom because the criminals might not keep their end of the bargain. You should remove it instead, and we recommend using SpyHunter to detect it if you do not know where it was extracted to. Otherwise, you should go to your Downloads folder or Desktop and delete the randomly named executable of this ransomware.

How to detect and delete this ransomware

  1. Open the web browser.
  2. Type http://www.spyware-techie.com/download-sph in the address box and hit Enter.
  3. Download SpyHunter-Installer.exe and run it.
  4. Install the program, run it and click Scan Computer Now!
  5. After the scan is complete copy the file path of the malicious executable from the scan results.
  6. Press Win+E.
  7. Type the file path of the executable in File Explorer’s address box and hit Enter.
  8. Right-click the executable file and click Delete.
  9. Empty the Recycle Bin.

In non-techie terms:

If your PC has become infected with CryptoJacky Ransomware, then you should know that it can encrypt your files and then ask you to pay a ransom for the decryption password. There is no way of knowing whether you will receive it. Furthermore, it costs a substantial sum of money, so you should also take that into account. We recommend that you remove it install of complying with the demands of the cyber criminals.