How to Recover CryptXXX Ransomware Files

How to Recover CryptXXX Ransomware Files

Remove CryptXXX Ransomware


CryptXXX Ransomware Description and Removal Instructions:

Malware Category: Ransomware

CryptXXX Ransomware is the latest version of Crypto-Ransomware viruses. CryptXXX Ransomware targets PCs running Windows OS and it demands $500 or 1.2 bitcoins. Every file that has been encrypted will have its extension changed to: .crypt. Fortunately, there is a way of decrypting the files encrypted by CryptXXX Ransomware.

The distribution of CryptXXX Ransomware is related to installing different third-party toolbars, all kinds of free software, files from P2P networks and torrents, random clicking on ads, pop-up windows, banners, or even downloading attached files from your personal e-mail inbox or other file sharing applications, bogus flash player and fake video software for viewing online content.

When running, CryptXXX Ransomware will start encrypting certain types of files stored on local or mounted network drives using a RSA-4096 bit public-key cryptography, with the private key stored only on a control server.

CryptXXX Ransomware will create de_crypt_readme.html, .txt and .bmp and put a shortcut to them in every folder where a file was encrypted. Those files contain instructions explaining how to pay the ransom. For the victims to pay the ransom, the virus sends them to a webpage where they can enter their personal code and access the payment page. This page can be accessed through TOR client:


The payment is in Bitcoins, which is untraceable.

CryptXXX Ransomware will not just encrypt files and block your computer, it will also collect valuable information that will be sent to the control servers. Such software could lead to more malware coming into your computer and even cause a loss of data. Such threats are not to be underestimated!

If you are infected, we at SpywareTechs.com recommend you to download SpyHunter Malware Security Suite in order to remove the infection automatically:



Once you get rid of CryptXXX Ransomware (see how to remove CryptXXX Ransomware in our article), you can try to recover your files using the methods below:


How to Recover Files Encrypted by CryptXXX Ransomware:

You can try to recover your files from a system backup. If there is no backup available, one can try to restore the files using the Shadow Copy Service. Windows XP Service Pack 2 and future versions have an integrated feature called Shadow Copy Service which will automatically create backup copies of your files. This method is not bullet-proof, as CryptXXX Ransomware may delete the shadow copies.

1. How to Restore Files Using the Shadow Copy Service:

Method 1. Using Windows Previous Version tab:

*The Windows System Protection service must`ve been enabled before the infection, otherwise it will not work.

  1. Right-click on the encrypted file, select Properties from the menu.
  2. Click on “Previous Version” tab (If missing, this means that Windows System Protection has not been enabled).
  3. Choose a previous version copy and click on the Copy button. Select a directory you wish to recover the file to, or you can try to restore the selected file, directly, by hitting the Restore button.

The method could be used to recover an entire folder. Just right-click on the highlighted folder and select Properties, and then Previous Version tab.

Method 2. Using Shadow Explorer:

Using Shadow Explorer to restore whole folders. You can download the program from the link below:


Download and run the program. A list of available drives will show up on the left side. Beside it, you will see available dates for created shadow copies. One could select the drive and the date to restore to.


2. How to Recover Files Encrypted by CryptXXX Ransomware using RannohDecryptor:

Kaspersky Labs experts were able to crack the CryptXXX Ransomware and develop a decryptor tool called RannohDecryptor.

CryptXXX Ransomware Decryptor Tool

1. Download RannohDecryptor from the following link, save it on your desktop and run it.


2. Go to Settings and select the type of drive you are to scan (removable, network or hard drive).

3. Click on the “Start scan” and choose the location of the .crypt file (you have to have an unencrypted copy as well).

4. Afterwards, select the original file.

5. RannohDecryptor will start scanning for all files with the .crypt extension and will try to decrypt them (only files that are lesser in volume).


Nevertheless, if you want to be protected from CryptXXX Ransomware, get SpyHunter!


John Moore

Owner of SpywareTechs.com. I specialize in malware and spyware removal. Researching new malware threats that emerge on the internet. Computers are my hobby since...well more than 10 years. I posses strong knowledge of computer internals and operating systems. However, I use my skills to join the everyday fight against malware and spyware. Follow me on Google+ to stay updated on how to remove the newest infections.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.