JohnyCryptor is a ransomware trojan that encrypts your files with the strong AES-256 algorithm (CBC mode) and asks for money to decrypt them. It leaves a ransom note containing a brief message and an AOL email address for contact. All encrypted files get a name extension made up of an identification number and the johnycryptor(@aol.com) email address. The crooks want the payments to be made in Bitcoin, and sometimes the ransom gets insanely expensive, up to 10 BTC if the victim doesn’t pay quickly. The price varies, but it’s always above 1 BTC – around $580.
There are reasons to believe that a new wave of JohnyCryptor Ransomware started in April 2017.
JohnyCryptor ransomware – How does it spread?
The JohnyCryptor virus was first sighted in early 2016, but there was a spike in infections starting in July 2016. There’s speculation that the ransomware’s creators employed new exploit kits to spread the virus more effectively. The most effective way to distribute ransomware is to put it into email spam. The infected emails are masked to appear inconspicuous. The emails often look like they were sent from a bank, customer service operators, a software company, or other legitimate services.
Name | JohnyCryptor
File Extensions | ID number and the johnycryptor(@aol.com) email address.
Ransom | 1 Bitcoin
Solution #1 | The fastest solution would be to download an anti-malware tool, run a scan on your system, and delete JohnyCryptor automatically. The software will also protect your PC in the future and prevent other cyber-security threats like browser hijackers and adware programs.
Solution #2 | This is the harder option. You can also try to remove it by hand. A detailed description of how you can do that is provided below.
Distribution | JohnyCryptor infects your system and locks your files using an encryption algorithm.
JohnyCryptor Ransomware – More Information About the Virus
The Naming of the Encrypted Files Follows This Model:
.id-[ID_victim][email protected]
.id-[ID_victim][email protected].
Once the virus gets into the victim’s PC, it adds a ransom note to the computer’s desktop. The note contains the following message:
Attention!
Your computer has been encrypted by cryptographically strong algorithm. All your files are now encrypted. You have only one way to get them back safely – using original decryption tool. Using another tools could corrupt your files, use it on your own risk.
To get original decryptor contact us with email.
[email protected]
It is in your interest to respond as soon as possible to ensure the restoration of your files, because we won’t keep your decryption keys at our servers more than one week in interest of our security.
PS. only in case you do not receive a response from the first email address within 48 hours, please use this alternative email address
JohnyCryptor @india.com
There is another, newer version of the ransomware that uses this note:
The JohnyCryptor Ransomware Virus Encrypts These Types of Files:
.jp2, .jpc, .jpf, .jpg, .jpg2, .jpx, .js, .jso, .json, .kmz, .lbi, .m4v, .3fr, .3gp, .7z, .ai3, .ai4, .ai5, .ai6, .arw, .as, .asa, .ascx, .asmx, .asp, .aspx, .asr, .avi, .bak, .bay, .bmp, .bz2, .c, .cdr, .cer, .cfc, .cfn, .cfnl, .cin, .chm, .class, .config, .cpp, .crt, .cs, .css, .csv, .cub, .dae, .db, .dc3, .dcm, .der, .dic, .dif, .divx, .djvu, .dl, .doc, .docm, .docx, .docxml, .dot, .dotm, .dotx, .dpx, .dqy, .dtd, .dwg, .dx, .dxf, .dsn, .dwt, .eps, .exr, .fido, .frm, .gif, .gz, .h, .hpp, .hta, .htc, .htm, .html, .icb, .ics, .iff, .inc, .ind, .ini, .iqy, .j2c, .i2k, .java, .mdb, .mdf, .mef, .mht, .mhtml, .mkv, .mov, .mp4, .mpeg, .mpg, .msg, .myd, .myi, .obj, .odb, .odc, .odm, .ods, .oft, .one, .rdf, .rle, .rqy, .rss, .rtf, .rw2, .rwl, .sct, .sdpx, .shtm, .shtml, .slk, .sln, .sql, .srw, .ssi, .stn, .svg, .svg2, .swf, .tar, .tdi, .tga, .tld, .txt, .u3d, .udl, .uxdc, .vcs, .vda, .wbm, .wbmp, .xlk, .xlm, .xlmv, .xls, .xlsm, .xlsx, .xltx, .xlw, .xml, .xsd, .xsl, .xsc, .xslt, .xz, .wb2, .wim, .wmv, .zip, .onepkg, .onetoc2, .opt, .oqy, .p7b, .p7c, .pcx, .pdd, .pdf, .pdp, .pem, .pfx, .php, .php3, .php4, .php5, .phtml, .pl, .pm, .png, .pot, .potm, .potx, .pps, .ppsn, .ppt, .pptm, .pptx, .prn, .pst, .ptx, .pxr, .py, .r3d, .rar,
The file name of the virus:
%AppData%/johny.exe
JohnyCryptor Ransomware Removal
For a faster solution, you can run a scan with an advanced malware removal tool and delete JohnyCryptor completely with a few mouse clicks.
STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the ransomware so they can be removed efficiently.
1) Hit WIN Key + R
2) A Run window will appear. In it, type “msconfig” and then press Enter
3) A Configuration box will appear. In it, choose the tab named “Boot”
4) Mark the “Safe Boot” option and then tick “Network” under it
5) Apply -> OK
STEP II: Show Hidden Files
1) Open My Computer/This PC
2) Windows 7
   – Click on the “Organize” button
   – Select “Folder and search options”
   – Select the “View” tab
   – Go under “Hidden files and folders” and mark the “Show hidden files and folders” option
3) Windows 8/10
   – Open the “View” tab
   – Mark the “Hidden items” option
4) Click “Apply” and then the “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Go to the “Processes” tab
3) When you find a suspicious process, right-click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
5) Next, go to the folder where the malicious file is located and delete it
STEP IV: Completely Remove JohnyCryptor Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
1) Press the Windows Button + R key combination again
2) In the box, type “regedit” (without the inverted commas) and hit Enter
3) Press CTRL+F and then type the malicious name in the search field to locate the malicious executable
4) If you discover registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
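The checks from STEP III and STEP V can also be run from a PowerShell prompt. This is an added example, not part of the original guide; it only reports what it finds, and it assumes the executable sits at the %AppData% location given above and that persistence, if any, is in the standard Run/RunOnce keys (the page does not name any registry keys).

```powershell
# Added example, not from the original page. Read-only: nothing is deleted.
$exe = Join-Path $env:APPDATA 'johny.exe'   # file name given on the page
$findings = @()

# The dropped executable itself; the hash is useful for an AV or sandbox lookup
if (Test-Path -LiteralPath $exe) {
    $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Where = $exe; Detail = "SHA256 $hash" }
}

# STEP III equivalent: match on the image path rather than the process name
foreach ($p in Get-Process) {
    if ($p.Path -and $p.Path -ieq $exe) {
        $findings += [pscustomobject]@{
            Type = 'Process'; Where = "PID $($p.Id)"; Detail = $p.Path
        }
    }
}

# STEP V equivalent. Assumption: the page names no registry keys, so only the
# standard per-user and per-machine Run/RunOnce autorun keys are inspected.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'johny\.exe') {
            $findings += [pscustomobject]@{ Type = 'Autorun'; Where = "$key\$name"; Detail = $value }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No JohnyCryptor file, process or autorun entry found.'
}
```

Run it as the affected user, since both %AppData% and the HKCU keys are per-user.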
STEP VI: Recover Encrypted Files
1) Use present backups
2) Restore your personal files using File History
   – Hit WIN Key
   – Type “restore your files” in the search box
   – Select “Restore your files with File History”
   – Choose a folder or type the name of the file in the search bar
   – Hit the “Restore” button
3) Using System Restore Point
   – Hit WIN Key
   – Select “Open System Restore” and follow the steps
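Before restoring from backups or File History, it helps to know exactly which files were hit. The script below is an added example, not part of the original guide: it lists files whose names carry the ".id-" marker and the johnycryptor@aol.com address described earlier, writes them to a CSV, and summarises them per folder. The scan root and report path are assumptions, and the name match is deliberately loose because the exact separators of the naming model are not shown on the page.

```powershell
# Added example, not from the original page. Read-only inventory.
param(
    [string]$Root   = $env:USERPROFILE,                        # assumption: scan the user profile
    [string]$Report = "$env:TEMP\johnycryptor-inventory.csv"   # hypothetical report path
)

# The page describes the marker as ".id-<victim ID>" plus the johnycryptor@aol.com
# address. The separators between them are not shown, so the match is loose.
$pattern = '\.id-.+johnycryptor@aol\.com'

$hits = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Directory    = $_.DirectoryName
                # Everything before the appended ".id-" marker is the original name
                OriginalName = $_.Name -replace '\.id-.*$', ''
                EncryptedAs  = $_.Name
                SizeBytes    = $_.Length
                LastWrite    = $_.LastWriteTime
            }
        }
)

if ($hits.Count -eq 0) {
    Write-Output "No files matching the JohnyCryptor naming model under $Root"
    return
}

$hits | Export-Csv -LiteralPath $Report -NoTypeInformation -Encoding UTF8
Write-Output "$($hits.Count) encrypted files listed in $Report"

# Per-directory summary: where the damage is concentrated and the write-time window
$hits | Group-Object -Property Directory | Sort-Object -Property Count -Descending |
    ForEach-Object {
        $byTime = @($_.Group | Sort-Object -Property LastWrite)
        [pscustomobject]@{
            Files     = $_.Count
            Directory = $_.Name
            FirstSeen = $byTime[0].LastWrite
            LastSeen  = $byTime[-1].LastWrite
        }
    } | Format-Table -AutoSize
```

Save it as a .ps1 file and pass -Root for each additional drive or share that needs checking; the OriginalName column is what to look for in the backup set.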
STEP VII: Preventive Security Measures
1) Enable and properly configure your firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Back up your data regularly.