
CryptoHasYou Ransomware

By GoldSparrow in Ransomware

The CryptoHasYou Ransomware is a ransomware Trojan that encrypts the victim's files and changes their extension to ENC. It is just one of countless ransomware encryption Trojans that have been appearing recently. Most of them demand payment through Bitcoin, to take advantage of the anonymity provided by the so-called Dark Web. The CryptoHasYou Ransomware uses AES and RSA encryption to encrypt the victim's files, making it impractical to recover the files without access to the decryption key. The people responsible for the CryptoHasYou Ransomware demand payment of $300 USD to provide the decryption key, raising the price by $150 USD per day three days after the infection. PC security researchers consider the CryptoHasYou Ransomware a real threat to computer users' data. A reliable, fully up-to-date security program and smart online safety practices when browsing the Web can help computer users prevent a CryptoHasYou Ransomware infection and similar issues with encryption ransomware Trojans.

Without a Backup, It May Be Impossible to Decrypt the Files Infected by the CryptoHasYou Ransomware

There are numerous ways in which a threat such as the CryptoHasYou Ransomware can be distributed. The CryptoHasYou Ransomware may be delivered using corrupted email or social media spam attachments or embedded links. The CryptoHasYou Ransomware attack is simple to understand. Once the CryptoHasYou Ransomware enters a computer, it scans the victim's machine in search of files with the following extensions:

.bat .bin .blf .cat .cdf-ms .cdfs .cmd .com .conf .cpl .dat .dev .dl .dll .dmp .drv .enc .etl .evt .evtx .exe .folder .fx .gadget .gpd .grp .idx .inf .ini .ins .inx .isu .job .jse .key .lib .lnk .lock .man .manifest .mci .mdmp .msc .msi .msn .msp .mst .mui .nls .ocx .osc .paf .pdb .pf .pif .ps1 .reg .rgu .scr .sct .sfc .sfcache .shb .shs .shs .sif .so .sys .u3p .vb .vbe .vbs .vbscript .vtd .ws .wsf.

The CryptoHasYou Ransomware encrypts these files and changes their extension to ENC. Once a file has been encrypted by the CryptoHasYou Ransomware, it cannot be decrypted using current technology without access to the decryption key. The CryptoHasYou Ransomware, in particular, seems to search for scripts and executable files, making the victim's applications and programs unusable (unlike most other ransomware Trojans, which tend to look for pictures, documents and media files).

After encrypting the victim's files, the CryptoHasYou Ransomware delivers a ransom note on the user's computer. The content of the ransom note is below:

''READ THIS. IT IS VERY IMPORTANT.
Hello, Unfortunately for you, a virus has found its way onto your computer. The virus has encrypted all of the files that exist on this computer (pictures, documents, spreadsheets, videos, etc.). There is no way to restore the files back to their original forms without the unique decryption programs.
Fortunately, we can help. We have your unique decryption program. If you value your locked files and want to restore them, we can provide you with the decryption program and any assistance you need for the price of $300.
Want us to fix all of your files? Have a question? Want to send us a complaint(or compliment)?
Contact us! Our email is {redacted}
We will get back to you with haste.
If you want proof that we can decrypt your files, send us a single encrypted file in an email and we will return it to you fixed and in original condition!
You must respond to this in a timely fashion if you want your original files back.
The initial price of our service is $300. For every 3 days that pass, the price of our service will raise by an additional $150. We will know how long it has been. Remember, we are your only option. If you consult an IT expert, they will tell you the same thing.
Cheers.
Additional Details: (for IT People)
[+] It is impossible to recover the original files without our help.
[+] Encryption scheme: aes256(filesystem, aes_key) -> rsa2048(aes_key, public key)
-In other words, the private_key is required to decrypt the filesystem
[+] During filesystem encryption, all affected files had the original data overwritten with the encrypted data several times over to prevent recovery.
[+] If the extention of an encrypted file is not “.enc” when the decryption program is run, it will not be decrypted.
[+] Do not shut down or restart your computer while filesystem decryption occurs
FOR FILE DECRYPTION CONTACT US: {cyber-crooks’ email address}
You will need to provide the following data to us along with a payment in order to decrypt your files:
<-------------v-----------DATA-----------v------------->
{unique identifying number that has letters as well as digits}''

Note that the ransom message claims that the victim's files were encrypted by a virus and that its authors can provide a helpful service. The con artists responsible for the CryptoHasYou Ransomware ransom note are, of course, the same people who created this threat.

The Best Reaction to a Ransomware Infection

To deal with the CryptoHasYou Ransomware and similar ransomware Trojans, it will first be necessary to remove the CryptoHasYou Ransomware infection. This can be achieved with a security program that has been fully updated. It will then be necessary to replace all files encrypted by the CryptoHasYou Ransomware with unencrypted backup copies or to reinstall the affected applications. In most cases, it is better to wipe the affected hard drive and restore it from a backed-up image.
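To scope the restore described above, the following added example (not part of the original article) inventories files with the ENC extension under a directory and separates high-entropy, likely encrypted files from low-entropy files that merely share the extension. The entropy threshold, sample size, function names and the sample directory tree are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # assumption: bits/byte above which data looks encrypted
SAMPLE_BYTES = 65536      # assumption: only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def inventory_enc_files(root: str) -> dict:
    """Walk root and classify every *.enc file by the entropy of its head."""
    report = {"likely_encrypted": [], "low_entropy": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".enc"):
                continue  # untouched files are not part of the restore list
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                report["unreadable"].append(path)
                continue
            key = "likely_encrypted" if shannon_entropy(head) >= ENTROPY_THRESHOLD else "low_entropy"
            report[key].append(path)
    return {label: sorted(paths) for label, paths in report.items()}

def build_sample_tree(root: str) -> None:
    """Constructed sample data: random-looking .enc, plain-text .enc, one untouched file."""
    os.makedirs(os.path.join(root, "apps"))
    with open(os.path.join(root, "apps", "tool.enc"), "wb") as fh:
        fh.write(os.urandom(8192))  # stands in for ciphertext
    with open(os.path.join(root, "notes.enc"), "wb") as fh:
        fh.write(b"plain text, not ciphertext\n" * 200)
    with open(os.path.join(root, "apps", "setup.ini"), "wb") as fh:
        fh.write(b"[settings]\nmode=1\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for label, paths in inventory_enc_files(tmp).items():
            print(label, len(paths), paths)
```

Files shorter than a few hundred bytes cannot reach the threshold even when encrypted, so entries under `low_entropy` still need a manual look before they are excluded from the restore list.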
