If you think your computer is safe from malicious computer infections, then think again because there is a new bad guy in town called CryptoDevil Ransomware. This malicious application can infect an unprotected computer and encrypt many of the files stored on it. If your PC has become infected with it, then you ought to remove it but not before you enter the decryption key that we have acquired. This key will work for some versions, but not all of the time, so be warned. In this article, we will discuss how this ransomware works, how it is distributed and how you can delete it manually.
We want to note that this particular ransomware might still be in development as we have received information claiming that it has several versions with notable levels of sophistication. In any case, If your PC becomes infected with the most basic version, then it will immediately encrypt all of the files on your computer’s desktop. Testing has shown that this program can encrypt file formats that include .doc, .docx, .pdf, .db, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx, .dll, .lnk, and .exe. While encrypting the files, this ransomware will append them with the “.devil” file extension, but will not change the file name, so you know which file is which.
Once the encryption is complete, CryptoDevil Ransomware will render a pop-up window that will demand that you pay money for the decryption key needed to decrypt your files. Initially, the ransom to be paid is 20 USD, but after ten hours of not paying it can increase by another 20 USD and after 24 hours by 30 USD. However, you have to pay the ransom in Bitcoins, so when you press the “Payment” button, it will redirect you to Coinbase.com to purchase Bitcoins. If you pay the ransom, then you have to send the ransomware developers a message at Contactcryptodevil@gmail.com to receive the decryption key. However, as we have mentioned in the introduction, you can try using the "dm9jZWV1bWZyYWNhc3NhZG8=" (without quotes) to decrypt your files. It is not guaranteed to work, but it is worth the shot. If it does not work, then press Alt+F4 and go to the location from which CryptoDevil Ransomware was launched and delete it.
Before closing this article, we want to shed some light not how this ransomware might be distributed. We have found that CryptoDevil Ransomware might be distributed via email spam sent from a dedicated email server. The developers might have set up a server to automatically send fake emails to random or preselected email addresses in the hopes of infecting as many unwary PC users as possible. The emails can look like invoices, tax return forms and so on. The point is that the dropper file is included as a file attachment that you need to open manually. So, if you got a suspicious email, then we suggest you refrain from opening it.
As you can see, CryptoDevil Ransomware is one dangerous piece of programming that can get your most valuable files encrypted to force you to pay a ransom. The good news is that you can avoid paying by entering the provided decryption key. Then, you can remove this ransomware manually or using an antimalware program such as SpyHunter. Getting rid of this infection is crucial to your computer’s security, so the sooner you delete it, the better.