CryptoHasYou Ransomware Removal Guide

If CryptoHasYou Ransomware manages to infiltrate your operating system, you can be sure that all your documents and picture files will get encrypted. This sneaky Trojan infection is a severe blow to your computer since there is a chance that you will never be able to access these files again unless you have a backup on an external hard disk. The criminals behind this Trojan obviously offer you a solution that will cost you a lot of money. You can purchase the “unique decryption program” that is the only way to restore your precious personal files. However, be warned that reports show that crooks rarely keep their word. Therefore, it is possible that you would end up with not only losing your files, but you will also pay a steep price for nothing. Of course, this is your decision to make. What we can surely tell you, though, that you should remove CryptoHasYou Ransomware immediately the moment you notice it on your system. This will not give your files back, keep that in mind, but it will make sure that no more of your files get encrypted and taken hostage in the future. Please read our full article to learn more about this dangerous infection and how you may be able to avoid similar ones.

When it comes to Trojans, it is very important to understand how they can infiltrate computers. This bit of information can save you from unfortunate events like this. We have found that this ransomware uses the usual trick, i.e., spam e-mails. These e-mails can have attachments, such as fake invoices, invitations, and MS Word documents. It is possible that these spam e-mails have legitimate-looking senders in order to fool you into opening them. You should not take the reliability of your e-mails for granted even if you think that your spam filter is a top-notch one. It is still possible that such e-mails can somehow pass. Therefore, you should be careful every time you skim through your inbox. Even if the subject of a mail looks official, such as “ATTN: Invoice-HJ132004042016,” you should only open the attached file if you are sure that it was meant for you. You need to understand that one single click on such an infected file is enough to drop this Trojan ransomware onto your computer.

Although we have not found instances where this Trojan was spread through social networking sites, you should know that Trojans can also be distributed through Facebook and Twitter among others. It is possible that you find a “must-see” video or image on your timeline or among your feeds that is infected. So when you click on it, you may initiate the drop of a Trojan infection. That is why we recommend that you be alert while using such sites, too.

Once this ransomware lands on your computer and you run the infected document file, it will start its vicious operation and encrypt all your text files and images as well, although the creators claim that this infection targets all your files. This Trojan uses a built-in Windows encryption algorithm called AES-256. This process may take as little as a few seconds. Therefore, there is no way really that you could catch it red-handed and stop it in time. By the time you are informed about the encryption, all your targeted files will get a “.enc” extension. Your main system process, explorer.exe also gets killed by this ransomware in order to stop you from running programs; however, the Task Manager seems to be still functioning. After all this, the ransom note is displayed on your desktop so that you cannot miss it.

In this note you are informed about the unfortunate attack and that “the virus has encrypted all of the files that exist on this computer.” The criminals also offer you an opportunity to buy their unique decryption program for $300. At least this is the price if you pay within 3 days. After that you will have to pay an additional $150 and so on. These crooks claim to be the only option you have to see your files again. As a matter of fact, we can only confirm this as there is no way yet to decipher this encryption with a free tool. However, there is another option: having backup copies. If you regularly save your files onto an external drive, you have a chance to transfer them back to your computer. But before you do so, you should definitely remove CryptoHasYou Ransomware because otherwise you and your files will not be safe using your computer.

By the ransom note you are also informed that you should send an e-mail to locked@vistomail.com and attach one of the encrypted files so that these criminals can prove to you that they have the decryptor. You are also asked to provide in this contact mail the text file that this Trojan creates on your desktop (YOUR_FILES_ARE_LOCKED.txt) because it contains your unique code. We cannot go so far as to tell you that if you pay the ransom, you will get your files back. Unfortunately, our experience shows that most of the time it does not happen. These criminals are out for your money and they do not really care if you lose all your files or not. Please consider this possibility before you transfer the fee.

Although we cannot help you with the decryption of your files, we can still provide you with a solution as to the removal of CryptoHasYou Ransomware. Fortunately, you do not even need to restart your computer since the Task Manager is still working. Therefore, you can easily restart the explorer.exe process and then, simply delete the downloaded malicious file. Please follow our instructions below if you need help with this. If you want decent protection for your PC and you are fed up with detecting and removing malware infections manually, we suggest that you download and install a reputable anti-malware application to safeguard your operating system. Keep this security tool regularly updated for perfect protection.

How to remove CryptoHasYou Ransomware from Windows

1. Press Ctrl+Shift+Esc simultaneously to open the Task Manager.
2. Open File menu and choose Run new task.
3. Type in explorer.exe and hit Enter.
4. Press Win+E to open File Explorer.
5. Locate the random-name suspicious file in these folders (or wherever you downloaded it) and delete it:
   %USERPROFILE%\downloads
   %TEMP%
6. Empty you Recycle Bin.
7. Restart your computer.