Cryptoshadow Ransomware Removal Guide

Malicious programs such as Cryptoshadow Ransomware are probably the most dangerous computer infections out there. We have recently tested this new ransomware and found some interesting things about it which we will discuss in this article. However, from the outset, we advise that you remove it as quickly as possible because there is no way to decrypt your files once they have been encrypted. The sample we have tested looks like it is a test version because it does not provide the would-be victims with the means to pay the ransom and get the decryption key. It looks half finished but, nevertheless, it encrypts files as it was designed to and renders them inaccessible.

If Cryptoshadow Ransomware manages to infect your computer, then it will spring into action at once and scan your PC for files to encrypt. Our research has shown that it was configured to encrypt close to a hundred file formats. For example, it will encrypt files formats that include .txt, .jpg, .png, .bmp, .zip, .rar, .7z, .sql, and .pdf. In short, this ransomware encrypts many file formats, but it specifically aims to encrypt files that are likely to feature personal and valuable information because this ransomware’s developers want to compel you to pay the ransom, or so it would seem. However, because it does not provide information on how to make the payment, there is no possibility to decrypt your files.

We have received information stating that Cryptoshadow Ransomware uses the AES encryption algorithm. If this is true, then it is bad news because the AES encryption algorithm is very strong and difficult to decrypt. While encrypting your files, this program will append them with one of two possible file extensions that are “.doomed” and “.exit.” The extensions are there to indicate that a particular file was encrypted and, therefore, cannot be opened.

Once the encryption process is complete, this ransomware will drop a file named LEER_INMEDIATAMENTE.txt. It is a text file and should act as the ransom note. The text inside this note is in Spanish, so we think that it should be distributed in Spanish-speaking countries. In any case, the note does not say how you can decrypt your files. It does not tell anything about any ransom payment that you should make. Therefore, we assume that it is still in development because ransomware is always created for the purpose of extracting money from its victim.

We have received unconfirmed information that Cryptoshadow Ransomware is disseminated via malicious emails that feature a malicious attached file. This file should be in the “.js” format which means that it is a JavaScript file that will run a malicious script to download this ransomware from a remote server. Its developers use deception to compel you to open the attached file, and if you do, this ransomware will download and run automatically and start encrypting your files, provided that your PC is not protected by an anti-malware program.

As you can see, Cryptoshadow Ransomware is a dangerous application that can make your files inaccessible. Due to the fact that there is no free decryption tool, we recommend that you remove it from your PC entirely because you cannot purchase the decryption key from this ransomware’s developers. We recommend using SpyHunter’s free scanner to detect this malware and delete it manually.

Remove this malware manually

1. Go to http://www.411-spyware.com/download-sph
2. Download SpyHunter-Installer.exe and run it.
3. Install the program and run it.
4. Click Scan Computer Now!
5. After the scan is complete copy the file path of the executable from the scan results.
6. While in desktop, press Win+E.
7. Type the file path of the executable in File Explorer’s address box and hit Enter.
8. Right-click the file and click Delete.
9. Empty the Recycle Bin.