What is JohnyCryptor ransomware?
JohnyCryptor is yet another ransomware that has appeared recently. It was given its name after the email address that victims are given to contact the schemers. The appendix with the same address is added to the names of encrypted files. Though the ransomware is very much alike other threats of this type, it still has some peculiarities. The first is that JohnyCryptor will scan all your drives, including local, network, and shared. The threat aims mostly for document and media files, which it will encrypt with AES-128 algorithm; these files will have the general layout of this sample: filename.[genuine extension].id-[randomID].Johnycryptor@aol.com.xtbl. After the encryption the ransomware will change the wallpaper to an image containing instructions on files restoration. Unlike other encryption viruses, JohnyCryptor doesn’t block the screen, so users would be able to use their machines. The ransomware also doesn’t press users for paying, giving them a week before deleting the encrypted files. Despite the fact that this threat may force people to pay the ransom, we don’t recommend encouraging cybercriminals by doing that. Instead you should try to remove JohnyCryptor and decrypt the files yourself before.
Symptoms of JohnyCryptor ransomware infection
It’s difficult not to notice ransomware, since it often has one of the processes responsible for displaying a notification message. This window blocks the screen leaving the user minimum alternatives. Besides, some files will be inaccessible, as in many cases ransomware encrypts them to exasperate the scaring effect.
How JohnyCryptor ransomware got installed on your computer
Now the sphere of system security experience the splash of ransomware attacks, so it’s vital to know the weak spots of your system and possible ways of infection infiltration. One of the most active ways of distribution is via spam emails, which have a malicious file as their attachment. The email may pretend to be a business or governmental letter and the attachment may look like a usual document or a PDF file. That’s why you need to make it a habit to check the emails of unknown senders for reliability, paying attention to its errors or oddness of the layout. And it goes without saying that you should scan every file that you tend to download both with antimalware and antivirus applications.
What to do if your PC is infected with JohnyCryptor ransomware
As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible try to create a backup or image of your hard drive info. This may let you to reserve the state of your drives in case a decryption method would be created afterwards.
How to remove JohnyCryptor ransomware?
To make sure that the adware won’t reappear, you need to delete JohnyCryptor ransomware completely. For this you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.
Steps of JohnyCryptor ransomware manual removal
Restart Windows in Safe Mode
For Windows XP:
- Restart the system
- While computer is rebooting press F8 several times
- In the appeared list of options choose Safe Mode
For Windows 7 and Vista:
- Restart the system
- While computer is rebooting press F8 several times
- In the appeared list of options choose Safe Mode
For Windows 8 and 8.1:
- Restart the system
- While computer is rebooting press F8 several times
- In the appeared list of options choose Safe Mode
For Windows 10:
- In the Start menu click on the power button
- Hold Shift and choose Restart
- Choose Troubleshoot
- In the Advanced Options choose Startup Settings
- Click Restart
- Select Enter Safe Mode
Delete files and registry entries added by JohnyCryptor ransomware
Now you will be able to reach the needed functions and files. For eliminating the ransomware activity, you need to find all of the following items and delete them.
Remove JohnyCryptor ransomware files and folders:
file.exe
mesa1.exe
Restore the files encrypted by JohnyCryptor ransomware
Use the decrypting tool
Unfortunately, currently a tool able to decrypt the files infected by JohnyCryptor ransomware is not released yet. You may try applying to the methods described below, however, they might not work with the latest versions of JohnyCryptor ransomware.
Restore the system
- Initiate the search for system restore
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore