Cryptorium Ransomware Removal Guide

Cryptorium Ransomware is a dangerous malicious application that makes users’ files unusable once it enters the computer. It differs from older ransomware infections, e.g. Payday Ransomware and Popcorntime Ransomware that our researchers detected some time ago. Unlike the aforementioned infections, it does not encrypt users’ files. At least, the version of Cryptorium Ransomware tested by researchers working at 411-spyware.com did not do that. Instead of encrypting users’ files using a strong cipher, it changes their filename extensions, for example, picture.jpg becomes picture.enc. It seems that it does not affect all folders, so users might not even notice that changes have been applied to their personal data for a while. If you are one of those users who have already detected a number of files with modified filename extensions, you should definitely not purchase a key (it is called a GBO KEY) from cyber criminals. First of all, there is no need to do that because files can be fixed by changing the .enc filename extension to an appropriate one. Also, at the time of writing, it is impossible to buy the key to unlock files because there is no information about a payment provided for users. A ransom note opened for users after the infiltration of Cryptorium Ransomware contains a sentence at the bottom informing users that “all servers are down at the moment.” Even though this threat is still in development, it might be quickly fixed by its developer. This new version might act slightly differently than the one tested by our specialists, so do not be surprised if the information you find in this article does not conform to reality when you read it.

Evidently, even though Cryptorium Ransomware does not encrypt users’ files, its main goal is to obtain money from users. It would definitely not modify files and then open a window containing the ransom note just for fun. The version researchers at 411-spyware.com have tested might be beta, and Cryptorium Ransomware might be changed to a great extent in the future, but there is no doubt that it remains a ransomware infection seeking to obtain money from innocent users. Do not pay money to cyber criminals no matter how badly you need to get your files back. It is because they might take your money but do not send anything in return. Also, specialists tend to develop free software recovery tools sooner or later, so it is better to wait for such a tool to be released than rush to make a payment to cyber criminals. Last but not least, users who find their files encrypted can recover their data from a backup. Of course, it will be of no use if it has been kept on the computer (files of the backup are usually affected by ransomware too).

No matter which ransomware infection you encounter, there is no doubt that it has entered the computer illegally. In most cases, these threats are distributed through spam emails and end up on computers when users open spam email attachments; however, Cryptorium Ransomware is distributed slightly differently. It has been revealed that it is spread as a copy of FIFA’17 with a crack. This game is quite popular, so it is very likely that many users will get infected with Cryptorium Ransomware. Of course, we do not say that it cannot be distributed using another distribution method too. Therefore, you should be cautious all the time if your computer is connected to the Internet. It is not always that easy to prevent such serious malware from entering the computer. Therefore, every user should go to install a security application on the computer. An enabled reputable tool will not allow any threats to sneak onto the computer.

Since Cryptorium Ransomware opens a window with the ransom note and disables the Task Manager, it will not be very easy to unlock the screen and then delete the ransomware infection fully from the computer. Our specialists know that the removal process might be quite challenging, so they have prepared the manual removal guide for users. The first part of the guide will help you to launch the disabled Task Manager, whereas the second one will guide you through the actual ransomware removal process. Once you are finished with this computer infection, go to fix the filename extensions of your files so that you could access them again.

Delete Cryptorium Ransomware

Revive the Task Manager

1. Launch RUN (Win+R).
2. Enter Gpedit.msc and click OK.
3. Navigate to User Configuration and then click Administrative Templates.
4. Open System and then click Ctrl+Alt+Del Options.
5. Right-click on Remove Task Manager and select Edit.
6. Make sure options Disabled or Not Configured are enabled.
7. Click OK.
8. Close the window.
9. Open RUN again.
10. Type gpupdate /force in the box and click OK.

Delete the ransomware infection

1. When the Task Manager is working again, press Ctrl+Shift+Esc.
2. Open the Processes tab.
3. Right-click on the process belonging to the ransomware infection (its name depends on the name of the malicious file launched).
4. Click End Process.
5. Locate the file launched, e.g. VirtualUIpro.exe.
6. Delete it.
7. Clear the Recycle bin.