Are your system files encrypted with the '.locked' extension? Do you want to decrypt them? If so, this post will be useful to you. Learn how to get rid of CryptoSweetTooth Ransomware, which is known as a new HiddenTear virus iteration. Keep reading and follow the instructions provided at the end in the exact order given.
CryptoSweetTooth Ransomware - What is it?
Threat's Name | CryptoSweetTooth Ransomware |
Category | Ransomware |
File Extensions | .locked |
Ransom | 0.5 BTC |
Short Description | Encrypts user files with a weird extension and asks the user to pay a huge amount of money. |
Distribution Method | Malicious ads, spam email campaigns, torrent files, freeware and shareware packages, infected devices etc. |
Is Removal Possible | Yes |
More Details About CryptoSweetTooth Ransomware
CryptoSweetTooth Ransomware is an infamous variant of ransomware which was created by cyber security experts based on the infamous HiddenTear project. The kit used to design and create this ransomware is built on an educational ransomware. The creators of this ransomware mainly compromise the systems of Spanish-speaking users. It scans attached removable media and local drives for data containers associated with office suites and the most popular video and image formats. You can easily spot the objects enciphered by this ransomware because they are shown with white icons and carry the .locked extension.
Dissemination Strategies Used By CryptoSweetTooth Ransomware
There are several active campaigns and installers associated with CryptoSweetTooth Ransomware in Chile, Argentina, Panama, Mexico, Spain and Peru. The attackers use deceptive phishing strategies and social engineering to make downloads and messages appear legitimate to the victims. The ransomware is equipped with a custom AES-256 cipher and uses an advanced RSA cipher to obfuscate the private encryption key. It can be identified in binary files under random names. It was first identified at the beginning of January 2017 and mainly targets Spanish-speaking victims. Other identified payloads are known as bitcoin_factory_v1.0.2.exe, Bitcoin.exe or simply CryptoSweetTooth.
Behavior of CryptoSweetTooth Ransomware
On completion of the encryption procedure, it asks the user to pay a ransom fee that is set at 0.5 BTC. January 2017 can be seen as a milestone for this ransomware, which requires humble ransom payments in order to provide decryption to victims. Unfortunately, free decryption is not available for the locked files. You can only restore your locked or encrypted files if you have kept a backup. Most computer users readily agree to pay the ransom, but they do not know that the hackers will not provide them with any decryption tool even after the ransom is paid. Thus, it is recommended to delete CryptoSweetTooth Ransomware immediately rather than pay the ransom.
A: How To Remove CryptoSweetTooth Ransomware From Your PC
Step: 1 How to Reboot Windows in Safe Mode with Networking.
- Click on Restart button to restart your computer
- Press and hold down the F8 key during the restart process.
- From the boot menu, select Safe Mode with Networking using the arrow keys.
Step: 2 How to Kill CryptoSweetTooth Ransomware Related Process From Task Manager
- Press Ctrl+Alt+Del together on your keyboard.
- This opens Task Manager on Windows.
- Go to the Processes tab and find the CryptoSweetTooth Ransomware related process.
- Now click the End Process button to close that task.
Step: 3 Uninstall CryptoSweetTooth Ransomware From Windows Control Panel
- Visit the Start menu to open the Control Panel.
- Select Uninstall a Program option from Program category.
- Choose and remove all CryptoSweetTooth Ransomware related items from list.
B: How to Restore CryptoSweetTooth Ransomware Encrypted Files
Method: 1 By Using ShadowExplorer
After removing CryptoSweetTooth Ransomware from the PC, users should restore the encrypted files. Since the ransomware encrypts almost all stored files except the shadow copies, one should attempt to restore the original files and folders from shadow copies. This is where ShadowExplorer can prove handy.
Download ShadowExplorer Now
- Once downloaded, install ShadowExplorer in your PC
- Double Click to open it and now select C: drive from left panel
- In the date field, users are recommended to select a time frame of at least a month ago
- Select and browse to the folder having encrypted data
- Right Click on the encrypted data and files
- Choose Export option and select a specific destination for restoring the original files
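To choose a shadow copy date (or, in Method 2, a restore point) that predates the infection, it helps to inventory the .locked files first. The script below is an added example, not part of the original guide: it lists .locked files, flags the payload names mentioned above, and reports the earliest modification time on an encrypted file. It assumes the ransomware did not reset file timestamps; the function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone

LOCKED_EXT = ".locked"  # extension named in this guide
PAYLOAD_NAMES = {"bitcoin_factory_v1.0.2.exe", "bitcoin.exe"}  # from this guide, lower-cased

def triage(root):
    """Return .locked files, suspect binaries and the earliest .locked mtime."""
    locked, suspects, earliest = [], [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in PAYLOAD_NAMES:
                suspects.append(path)
            if not lower.endswith(LOCKED_EXT):
                continue
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            locked.append(path)
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"locked": sorted(locked), "suspects": sorted(suspects), "earliest": earliest}

def restore_cutoff(report):
    """UTC time that the chosen shadow copy or restore point must predate."""
    ts = report["earliest"]
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)

def build_sample(root):
    """Create a constructed sample tree (harmless files) to exercise triage()."""
    os.makedirs(os.path.join(root, "Docs"), exist_ok=True)
    samples = {"Docs/report.docx.locked": 1483600000,  # constructed mtimes
               "Docs/photo.jpg.locked": 1483603600,
               "Docs/notes.txt": 1480000000,
               "Bitcoin.exe": 1483599000}
    for rel, ts in samples.items():
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (ts, ts))
    return root

if __name__ == "__main__":
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp()))
    print(len(rep["locked"]), "locked;", rep["suspects"], "cutoff:", restore_cutoff(rep))
```

Run it with a folder path as the only argument; with no argument it scans the constructed sample tree.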
Method:2 Restore Windows PC to Default Factory Settings
Following the above-mentioned steps will help in removing CryptoSweetTooth Ransomware from the PC. However, if the infection still persists, users are advised to restore their Windows PC to its Default Factory Settings.
System Restore in Windows XP
- Log on to Windows as Administrator.
- Click Start > All Programs > Accessories.
- Find System Tools and click System Restore
- Select Restore my computer to an earlier time and click Next.
- Choose a restore point when system was not infected and click Next.
System Restore Windows 7/Vista
- Go to Start menu and find Restore in the Search box.
- Now select the System Restore option from search results
- From the System Restore window, click the Next button.
- Now select a restore point from when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 8
- Go to the search box and type Control Panel
- Select Control Panel and open Recovery Option.
- Now Select Open System Restore option
- Find a recent restore point from when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 10
- Right click the Start menu and select Control Panel.
- Open Control Panel and find the Recovery option.
- Select Recovery > Open System Restore > Next.
- Choose a restore point from before the infection, then click Next > Finish.
Method:3 Using Data Recovery Software
Restore your files encrypted by CryptoSweetTooth Ransomware with help of Data Recovery Software
We understand how important your data is to you. In case the encrypted data cannot be restored using the above methods, users are advised to restore and recover the original data using data recovery software.