CryptoDevil Ransomware

CryptoDevil Ransomware Description

The CryptoDevil Ransomware is a file encoder Trojan that was reported by cybersecurity researchers on March 19th, 2017. The CryptoDevil Ransomware appears to be a standalone project that is aimed at English-speaking countries. The CryptoDevil Ransomware is styled as a legitimate program and includes an 'About' section and interactive decryption panel along with a price table that states the ransom increases as time passes and climaxes at 100 USD on the 72nd hour. 82 hours later the operator claims to delete the decryption key and recovery is practically impossible.

The CryptoDevil Ransomware is a Devil with Two Faces

The CryptoDevil Ransomware may arrive on systems via spam emails, corrupted software packages and exploit vulnerabilities on your system. The CryptoDevil Ransomware has two versions that behave as a screen locker and a file encryptor. The presence of two versions of the CryptoDevil Ransomware may suggest its developers are looking to make a name for themselves on the ransomware market by following the model of the Alphabet Ransomware and the DetoxCrypto Ransomware, which support two versions as well. The CryptoDevil Screenlocker Ransomware behaves as its name suggests. When the CryptoDevil Screenlocker Ransomware enters the system, it displays a lock screen that covers the entire desktop and disables tools like the Task Manager, the Registry Editor, and the Command Line Utility (CMD). The lock screen is colored in a solid red color and features a text in black that reads:

'Your Computer Has Been Locked
Your computer have been successfully locked you have up to 70 hours
to buy a key to unlock your contract in case files will be deleted.
Payment: Bitcoin 20$
Insert this key
[text box]

Fortunately, computer security experts uncovered that the password of the CryptoDevil Screenlocker Ransomware is found in the 'CryptoDevil.exe,' which is the primary executable for the Trojan. Infected users may be able to enter the code 'kjkszpj' to have the screen lock message removed. You should note that the developers behind the CryptoDevil Screenlocker Ransomware are likely to track news on the Internet regarding their work and add a random password generator in the upcoming versions of CryptoDevil.

The CryptoDevil File Encoder Ransomware is the Less Friendly Counterpart to the CryptoDevil Screenlocker Ransomware

The second version may be listed as the CryptoDevil File Encoder Ransomware by some AV vendors, and it is classified as a standard crypto-threat. The 'About' section of the CryptoDevil File Encoder Ransomware says it is created by a programmer under the name 'mutr0l,' and it combines the AES and RSA ciphers for secure encryption. The CryptoDevil Ransomware behaves like the Crysis Ransomware and appends a custom marker to the names of the encrypted files. For example, 'Argentella lace.pptx' is renamed to 'Argentella lace.pptx.devil' and you can't load the content in your presentation studio. The CryptoDevil File Encoder Ransomware is designed to target images, presentations, videos, audio, spreadsheets, text, eBooks and PDFs on the local drives and removable storage attached to the computer. The ransom message is shown as an HTA desktop app titled 'Ransomware CryptoDevil,' which offers the following information:

'Ransomware Decrypter Panel
Your Files Has Been Encrypted
All your files have been encrypted.
Buy a key to decrypt your files
more instructions forthcoming. - cryptodevil
Payment Key Price About
Key Price Or After Hours
1. After 10 Hours Key Price = $20
2. After 24 Hours Key Price = $30
3. After 48 Hours Key Price = $50
4. After 72 Hours Key Price = $100
After 82 hours if you do not buy the key your files will be encrypted for the rest of your life.
Creator: mutr0l
Greatz: WebDark - DebutySec
'Every human has its fatal weakness and this
fatal weak point is social engineering

CryptoDevil Requires Payment in Bitcoins to Get Your Files Back from Crypto Hell

Unfortunately, the ciphers used by the CryptoDevil are favored by Internet giants like Microsoft and Google to transmit data securely and prevent third parties from recovering data without proper authentication. That means, the CryptoDevil Ransomware prevents attempts at decryption of your data, as long as you do not have the correct decryption key and software. PC security experts recommend using backup images, archives, and copies on cloud storage drives when you need to rebuild your file structure. Paying the ransom does not grantee you will be provided with a decryptor and the data loss may be accompanied by a financial loss as well. You may want to add a reliable anti-malware shield to your OS and block threats like CryptoDevil from invading your machine again.

Infected with CryptoDevil Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect CryptoDevil Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

CryptoDevil Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 file.exe 2,857,989 f9302cb40977fc42bc35b94e207fb163 5

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 5 + 4 ?