The CRYPTEDPAY Ransomware is a threat that can cause severe damage to the computers it manages to infect. By running an encryption process with a strong cryptographic algorithm, the threat is capable of locking a wide array of file types, rendering them unusable. In practice, victims will no longer be able to access their private or business-related documents, PDFs, archives, databases, pictures, photos, etc.
Each encrypted file will have '.CRYPTEDPAY' appended to its original name as a new extension. When all suitable files have been locked, the CRYPTEDPAY Ransomware will deliver its ransom-demanding message. First, the default desktop background will be changed to a new image, while the full ransom note will be contained inside a text file named 'README.txt'.
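The two file-system indicators described above (the appended '.CRYPTEDPAY' extension and the 'README.txt' note) are enough to scope which folders and file types were hit during incident response. The following Python script is an added example, not part of the original write-up or any vendor tool; the function names and the sample directory tree are constructed for illustration, and it assumes the note is stored in an ASCII-compatible encoding.

```python
import os, tempfile
from collections import Counter
from pathlib import Path

EXT = ".cryptedpay"          # extension the write-up says is appended
NOTE_NAME = "readme.txt"     # ransom note file name from the write-up
NOTE_MARKERS = ("all your files have been encrypted", "monero")  # phrases from the note

def is_ransom_note(path):
    """README.txt is a common name, so also require phrases from the note text."""
    if path.name.lower() != NOTE_NAME:
        return False
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return all(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; return encrypted files, ransom notes and the original file types hit."""
    encrypted, notes, original_types = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.lower().endswith(EXT):
                encrypted.append(p)
                original = Path(name[: -len(EXT)])   # 'a.docx.CRYPTEDPAY' -> 'a.docx'
                original_types[original.suffix.lower() or "(none)"] += 1
            elif is_ransom_note(p):
                notes.append(p)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_types": original_types,
            "affected_dirs": sorted({p.parent for p in encrypted})}

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real samples."""
    root = Path(root)
    for d in ("docs", "tools"):
        (root / d).mkdir()
    for n in ("report.docx.CRYPTEDPAY", "budget.xlsx.CRYPTEDPAY", "scan.PDF.cryptedpay"):
        (root / "docs" / n).write_bytes(b"")
    (root / "docs" / "README.txt").write_text(
        "All your files have been encrypted !!\n(constructed) pay in monero (XMR)\n")
    (root / "tools" / "README.txt").write_text("Install instructions for a tool.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(dict(triage(tmp)["original_types"]))
```

The benign 'README.txt' under 'tools' is ignored because it lacks the note's phrases, which keeps the scan from flagging every project folder.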
CRYPTEDPAY Ransomware's Demands
The desktop image will display a brief message from the hackers. It points victims towards opening the 'README.txt' file or contacting the attackers for more details via the 'RansHelp@tutanota.com' email address. Taking a look at the full ransom note reveals a lot more details.
Apparently, the CRYPTEDPAY cybercriminals want to receive the sum of $280, payable using the Monero cryptocurrency. Victims have just 62 hours to transfer the funds to the provided crypto-wallet address. After the allotted time is over, the hackers threaten to damage the infected computers and render the encrypted data unsalvageable.
The text delivered as a desktop image is:
'All your files have been encrypted
Please read carefully the README text file to be able to restore your files !!
Contact us at :
The ransom note contained inside the 'README.txt' file is:
All your files have been encrypted !!
Don't panic please ! We are here to help you.
If you don't want to cooperate and hear your mind instead of our instructions,
you will loose stupidly your files but even worse,
we are able to kill your main windows process so you will never be able to restart your machine after.
All your network may have been infected. If this is the case, note that the decryption software we will give you for one of the machine can be used on all the infected machines. That said, note also that if you don't pay, its all your machines that will get lost and kill.
Fortunately, we think you are aware that we don't want this case to happens and you too.
That's why to help you, we writed a list of instructions to follow if you want to restore your files.
Once you completed all the instructions below, we will be able to give you the decryption software. We don't want to loose time or play with you, we guarantee that you will get that key if you complete your job.
Don't be stupid !!
To restore your files, you will need to pay a ransom within 62 hours or you will loose everything. The amount requested is 280 dollars. An amount you will need to pay in monero (XMR) which is a cryptocurrency like bitcoin (BTC). Our monero ID (adress where you need to send the money) is :
We encrypted your files with AES-256 encryption method. It's the strongest encryption method you can find in this world. Again, don't be stupid and pay the ransom. Its the only way to get all things to normal.
Steps (instructions) to follow :
Step 1 : Search localmonero in your browser search bar and click in the first result.
Step 2 : Create an account.
Step 3 : Search an offer (of a reliable vendor with lot of sales) that correspond to your payment method.
Step 4 : Pay 280 dollars at once.
Step 5 : Go into your account wallet and you'll see the amount of monero you have paid (it need to be 280 dollars).
Step 6 : Send all the monero to our monero ID (adress) which is :
Please, copy-paste it carefully !! Verify if it correspond completly to the one in this text file before you send the money !!
Once you send, it will take maximum 30 minutes to recieve. When, we will recieve the payment, we will send you the decryption software by email
Please contact us at for help and negociation :