How to remove Cry9 Ransomware

This article is all about the specifics of a recently detected Ransomware virus, which is known under the name of Cry9 Ransomware. This is a cryptovirus, which employs a special file-encrypting technology in order to lock the personal files on the attacked computer and render them inaccessible to the user, unless a certain amount of money is paid as ransom. The hackers, who stand behind the Ransomware, use this tricky scheme, to blackmail the victims for the access to their own data. They usually promise a special decryption key to the ones, who strictly follow the ransom instructions and complete the payment. However, even fulfilling the hacker’s demands may not really guarantee the salvation of the files from the malicious encryption. In the next lines we are going to discuss all the specifics of this nasty Ransomware infection, tell you all that it is capable of and how you can potentially recover from its consequences, if you have been infected. At the end of the page, you will find also a removal guide with step-by-step instructions on how to safely remove Cry9 Ransomware from your system. 

Cry9 Ransomware – a tool for a nasty blackmail scheme

As a typical Ransomware, Cry9 Ransomware usually encrypts the files that can be found on your computer and places a ransom note on your screen, prompting you to pay X amount of money (usually in Bitcoins) if you ever want to decrypt your files and access them again. This is a nasty criminal scheme, which generates huge profits for its criminal creators but the online users are the ones who pay the price in hundreds of dollars as ransom and hundreds of GB of encrypted data. Unfortunately, this Ransomware criminal “quick money” model grows at a rapid pace and takes its toll on different businesses, organizations and normal web users all around the web every day. And even though it doesn’t directly cause some actual deletion or corruption to the encrypted files or the attacked computer, this type of malware is considered as one of the most harmful threats that one could catch. The main reason is that cryptoviruses like Cry9 Ransomware are usually programmed in such a way, that they can silently sneak inside the system without any visible symptoms. They frequently get delivered inside your PC thanks to a Trojan horse or a well-camouflaged malicious transmitter, which may come in the form of an ad, a link, spam, some fake email, infected attachment or a website, where one wrong click is enough to activate the malware. What makes these Ransomware threats even nastier is that the encryption they apply is very hard to reverse or breach and in most of the cases it is almost impossible for the victim to recover their data completely after such an attack.

What to do if you have been attacked by Cry9 Ransomware?

There are several possible courses of action in case that you have faced the malicious encryption of Cry9 Ransomware. However, we should warn you that none of them can guarantee that you will be able to restore your data to the way it was before. You can always pay the ransom to the crooks and hope that they will send you the decryption key. But what if they don’t send you anything? And what if something goes wrong and the key simply doesn’t work properly to decrypt your data? You will just lose your money in vain and make the hackers rich. Many victims have already been fooled this way and we believe that you don’t want to be the next one. A smarter thing you can do is to try everything possible to remove the infection and minimize the consequences of the Ransomware.

One of the options for that is to use the instructions in the removal guide below. If you strictly follow the steps, you may be able to delete the infection and clean your system all on your own. The restoration of your files is a different story, though. Don’t expect that the moment you remove the Ransomware, everything will be back to normal. Unfortunately, your files may remain encrypted and you may still not be able to access them unless you breach the encryption with some specialized decrypting tool or a professional’s help. If you have some backups or copies somewhere on an external drive or a cloud, that would be the best. Just clean your system from the infection and you can safely copy them back to your PC. But if you don’t have any backups, then we can suggest you to try to extract some of your data with the help of the file-restoration steps that you can find a few lines below in the guide.  How effectively they will work really depends on your specific case. However, you will lose nothing if you test them, so go ahead and good luck!

Cry9 Ransomware Removal

Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.

1: Using Safe Mode

Before beginning to troubleshoot the issue, you are advised to enter Safe Mode on your PC. If you do not know how to do that, use this guide on how to enter Safe Mode.

2: Spotting the process

Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the processes tab and carefully look through the list for any shady entries. Usually, malicious processes will be consuming large amounts of CPU and RAM and will either have no description or will have a suspicious-looking one.

Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.

Go back to the Task Manager and end the potentially harmful process.

3: Hosts file IP’s

Go to your start menu and in the search field, paste the following address: notepad %windir%/system32/Drivers/etc/hosts. Select the first result and look at the bottom of the newly opened notepad file. See if there are any IP’s below “Localhost” and tell us in the comments if there were any IP addresses. 

4: System Configuration Startup Programs

Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 10, the Startup programs can be seen in the Startup Section of the Task Manager). If any of them look shady or have unknown manufacturer or a manufacturer with a sketchy name, uncheck those entries and click on OK.

5: Registry

Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus. Select Find Next and delete whatever gets found that has the virus’ name. Do that with all search results.

6: Deleting potential virus files

Open the Start Menu and separately type each of the following locations: %AppData% %LocalAppData% %ProgramData% %WinDir% %Temp% . Open each of those folders and sort their contents by date. Delete the most recent files and folders. When you open the Temp folder, delete everything in it.

About the author

Adrian Bitterson

Leave a Comment