What is CryptoJoker Ransomware
CryptoJoker is a ransomware family that releases every new file-encryptor each year. Alike other ransomware infections, CryptoJocker pursues data encryption of potentially valuable data (e.g. pictures, videos, music, documents, databases, etc.) to demand money for its complete return. Depending on which version attacked your system, the encrypted files will be appended with one of these following extensions – .encrypter@tuta.io.encrypted, .crjoker, .cryptolocker, .cryptoNar, .cryptolocker, .nocry, .devos, .devoscpu. Those are often accompanied by .fully and .partially suffixes, suposed to mean, that some files are fully or partially encrypted. For instance, a file like 1.pdf may change to 1.pdf.crjoker, 1.pdf.encrypter@tuta.io.encrypted, and so forth. Different versions of CryptoJocker used different formats of presenting ransom instructions. Some display an interactive window, while others create separate text notes. You can check out the versions of all ransom instructions that have been used over the course of CryptoJocker’s existence below:
hello !!! all your data is encrypted..
and for decrypt it you need a key..
if you want to return your data :
contact us whit this email :
encrypter@tuta.io
warning : please be careful if you try decrypt it
yourself or change windows or every things
you may damage it and damage the some hidden
necessary decryption files.
ENGLISH:
Your personal files were encrypted using RSA key cryptographically!
It decrypts files can be knowing a unique, private RSA key length of 2048 bits, which is only for us.
Write to us at mail: [email protected] Spare mails: [email protected] or [email protected]
Instructions for payment will be sent in the opposite letter.
After payment we will send your key and decoder.
And remember, you only have 72 hours to make a payment, then the price will rise to decipher.
Attempts to decipher on their own will not lead to anything other than irretrievable loss of information.
Your unique key that is required to send to the specified email:
Good luck.
RUSSIAN:
Ваши личные файлы были зашифрованы при помощи криптостойкого RSA ключа!
Расшифровать файлы можно зная уникальный, закрытый RSA ключ длиной 2048 бит, который есть только у нас.
Напишите нам на мейл: [email protected] Запасные мейлы: [email protected] или [email protected]
Инструкция для оплаты будут высланы в обратном письме.
После оплаты мы вышлем ваш ключ и дешифратор.
И помните, у вас есть только 72 часа, чтобы произвести оплату, потом цена на расшифровку поднимется.
Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной потери информации.
Ваш уникальный ключ, который обязательно вышлите на указанный email:
Удачи.
========================================================================
Hello, my name is CryptoJoker !!
My name is CryptoJoker. I have encrypted all your precious files including images,
videos, songs, text files, word files and e.t.c So long story short, you are screwed ... but you are lucky
in a way. Why is that ?? I am ransomware that leave you an unlimited amount of time to gather the money
to pay me. I am not gonna go somewhere, neither do your encrypted files.
FAQ:
1. Can i get my precious files back ??
Answer: Ofcourse you can. There
is just a minor detail. You have to pay to get them back.
2. Ok, how i am gonna get them back ?
Answer: You have to pay 100€
in bitcoin.
3. There isn't any other way to get back my files ?
Answer: Nahhh.
4. Ok, what i have to do then ?
Answer: Simply,
you will have to pay 100€ to this bitcoin address: 1yh3eJjuXwqqXgpu8stnojm148b8d6NFQ . When time comes to send me the money,
make sure to include your e-mail and your personal ID(you can see it bellow) in the extra information box (it may apper also
as 'Extra Note' or 'optional message') in order to get your personal decryption key. It may take up to 6-8 hours to take your
personal decryption key.
5. What the heck bitcoin is ?
Answer: Bitcoin is a cryptocurrency and a digital payment system.
You can see more information here: https://en.wikipedia.org/wiki/Bitcoin . I recommend to use 'Coinbase' or 'Bitcoin Wallet'
as a bitcoin wallet, if you are new to the bitcoin-wallet. Ofcourse you can pay me from whatever bitcoin wallet you want,
it deosn't really matter.
6. Is there any chance to unclock my files for free ?
Answer: Not really. After 1-2 or max 3 years
there is propably gonna be released a free decryptor. So if you want to wait ... it's fine. As i said, i am not gonna go
somewhere.
7. What i have to do after getting my decryption key ?
Answer: Simple. Just press the decryption button bellow.
Enter your decryption key you received, and wait until the decryption process is done.
Your personal ID: -
Although the content is different, the essence remains the same – to pay for decryption software that will recover your data. In order to do this, victims have to contact extortionists by e-mail and send a sum of money in Bitcoin. The price varies depending on versions and individual cases. Some of them may require victims to pay within a certain time frame unless they want the price to be doubled. It is also possible some extortionists will offer an option to decrypt a couple of files for free. Most often this is a trick used to convince victims into paying the ransom eventually. Whatever the case, it is recommended against paying the required ransom. The reason for that lies in the tendency of many cybercriminals to fool their victims and not send any decryption tools even after receiving the demanded money. Luckily, the majority of CryptoJoker versions can be decrypted with third-party programs for free. The name of one is CryptoJokerDecrypter, which was developed by Demonslay335. Download it further in our tutorial and check which file extensions can be decrypted. If you do not see your file extension around the list, then you are likely infected with a newer version of ransomware. In this case, it is worth saving your files and waiting until developers adapt the decryptor for updated extensions. They are working on it and should be able to come up with a solution quite soon. Another option to recover your data is via backup copies. This method will fit in case you are unwilling to wait and want your files recovered right now. Whatever you choose, it is important to delete the ransomware virus from your system to prevent further encryption of data. You will find instructions dedicated to this in our tutorial below.
How CryptoJoker Ransomware infected your computer
CryptoJoker is known to be distributed via malicious PDF files. These files are often spread in e-mail spam letters under the names of legitimate companies (DHL, DPD, FedEx, Finacial organizations, etc.). After seeing a familiar name, users get baited into opening the attached file that is meant to install malware. To increase the chances of opening files, cybercriminals disguise them as something important or urgent that raises the interest of users. Keep in mind that PDF is not the only format used by swindlers to distribute malware. MS Office files like Word or Excel can also be used to proliferate malware the same way. Before closing this part, it is also worth mentioning other distribution channels that can be used to spread various infections. Trojans, fake software updates, infected installers, backdoors, keyloggers, botnets, web injects, malicious ads, and brute force through unprotected RDP configuration are all other channels that you should also beware of. Follow our guide below to perform removal and set up high-level protection against threats like CryptoJoker in the future.
- Download CryptoJoker Ransomware Removal Tool
- Get decryption tool for .encrypter@tuta.io.encrypted, .crjoker or .cryptolocker files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like CryptoJoker Ransomware
Download Removal Tool
To remove CryptoJoker Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of CryptoJoker Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove CryptoJoker Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of CryptoJoker Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
CryptoJoker Ransomware files:
how to decrypt my files.txt
CryptoJoker Recovery Information.txt
{randomname}.exe
CryptoJoker Ransomware registry keys:
no information
How to decrypt and restore .encrypter@tuta.io.encrypted, .crjoker or .cryptolocker files
Use automated decryptors
Download CryptoJokerDecryptor
Use following tool from Michael Gillespie called CryptoJokerDecryptor, that can decrypt .cryptoNar, .crjoker or .cryptolocker files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .encrypter@tuta.io.encrypted, .crjoker or .cryptolocker files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with CryptoJoker Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .encrypter@tuta.io.encrypted, .crjoker or .cryptolocker files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like CryptoJoker Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. CryptoJoker Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.
