
Friday, March 6, 2015

How to Remove CryptoFortress Virus and Restore Encrypted Files

CryptoFortress or Crypto Fortress is a type of malicious software that has been designed to 'kidnap' your files, hold them hostage, and then – no prizes for guessing what happens next – demand a ransom from you (1 Bitcoin which is about $250). Once your files have been held hostage the ransom virus (ransomware) will encrypt them utilizing a 2048-bit RSA-AES key, essentially making them inaccessible. All the encrypted files will have the .frtrss extension at the end, so it's pretty easy to tell which files were encrypted by this virus. It will then send you a ransom note called READ IF YOU WANT YOUR FILES BACK.html – usually in the form of an email message, or displayed as an on-screen message – promising you software to decrypt your files for a sum of money. Here's how the ransom note reads:

We have encrypted your files with CryptoFortress virus
All your important files (such as files on network disks, USB devices, etc): photos, videos, documents were encrypted with CryptoFortress virus. The only way to get your files back is to buy out decryption software.
Otherwise, your files will be lost.
Caution: Removing of CryptoFortress will not restore access to your encrypted files.

Here are a few TOR to Web gateways used by cybercriminals to display payment information and buy Bitcoins:
Unlike CryptoWall or CryptoLocker, this virus generates the encryption key and stores it on your computer itself. But, there are many similarities with CryptoLocker. At first, I thought it was just a new variant of this virus but it appears to be a new variant of ransomware altogether. Clearly this is extortion at the highest level, so how do you protect yourself should you fall victim to a ransomware kidnapper?

How does CryptoFortress attack you?

It is spread through emails sent by cyber criminals or other malicious third parties, by being embedded on a website, or by being packaged with a program that has also been targeted by it. Naturally, the immediate concern here is that the vast majority of us use email and the Internet on a daily basis and most of us have downloaded a program or some software at some point too. So if these tools used in everyday life are being compromised – in turn putting our data, our bank accounts, our safety and our privacy at risk – what can we do about it?

Exercise extreme caution – whoever you are!

Let's say you're one of the world's most powerful politicians or business tycoons, or one of the most famous faces in show business or sport. You're worth millions or billions of dollars and you have young children: you don't put yourself or your family in jeopardy by walking around with wads of cash and without a bodyguard. You are at risk of kidnapping. And while we mere mortals may not be in the same category as Bill Gates, or Kim Kardashian and Kanye West, that doesn't mean we should take our own (online) safety any more lightly. The most important rule is to create backups of your files. Not every day, but let's say once a week or month. That way you won't have to pay a ransom and spend your hard-earned money. Besides, there's no guarantee that cyber criminals will actually decrypt your files. So, think twice before paying a ransom.

The problem with ransomware

Apart from the obvious, the problem is that CryptoFortress is incredibly convincing and has been created to instill fear or panic in anyone it attacks. And that's also why you need to be on red alert whenever you're online. In addition to this, as anti-malware programs are constantly upgraded, malware programmers are always trying to outwit the good guys. Therefore, as well as having a reputable anti-malware program installed on your PC, you should also ensure your email settings are configured to block spam, never open emails from unknown senders, only download software from reputable websites – and try to stay away from any sites that you know, deep down, are of a disreputable nature.

As an Internet user you know there are any number of nasty, harmful and, okay we admit it, innovative ways that cyber criminals employ to make a fast buck off our vulnerabilities and lesser technical know-how. You've no doubt already read all about adware and spyware, but there are some other extremely dangerous enemies out there that you really don't want to run into, for once these get their claws into you, it can be exceedingly hard to shake yourself free of them. And trust me, you don't want to run into this one. If your computer is already infected, the first thing you should do is remove the CryptoFortress virus. Only then can you try to restore your files. Please note that this ransom virus can delete copies of your files and make overall recovery near impossible. However, it's always worth a try. To do so, please follow the steps in the removal guide below.

If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur

Step 1: Removing CryptoFortress and related malware:

Before restoring your files from shadow copies, make sure CryptoFortress is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by CryptoFortress virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note: this tool is available for Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.
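
Before choosing a date in Shadow Explorer, it helps to know which folders were hit and when encryption started. The following read-only PowerShell script is an added example, not part of the original post: it inventories files with the .frtrss extension and the ransom note named above, then lists shadow copies and flags those taken before the earliest encrypted file. It assumes PowerShell 3.0 or later run as administrator, a placeholder `$Root` path, and that the malware did not preserve original file timestamps.

```powershell
# Added example: scope the damage and pick a restore point. Read-only; changes nothing.
# Assumptions: PowerShell 3.0+, elevated prompt; $Root is a placeholder start folder.
param(
    [string]$Root = "$env:USERPROFILE"
)

# Indicators taken from the article: encrypted-file extension and ransom note name.
$EncryptedExt = '.frtrss'
$NoteName     = 'READ IF YOU WANT YOUR FILES BACK.html'

# 1. Inventory encrypted files and ransom notes under $Root.
$all       = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue
$encrypted = @($all | Where-Object { $_.Extension -ieq $EncryptedExt })
$notes     = @($all | Where-Object { $_.Name -ieq $NoteName })

"{0} encrypted file(s), {1} ransom note(s) under {2}" -f $encrypted.Count, $notes.Count, $Root

# Per-folder counts show which directories need restoring.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

if ($encrypted.Count -eq 0) { return }

# 2. The earliest write time on an encrypted file approximates when encryption began
#    (assumption: the malware did not restore the original timestamps).
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
"Earliest encrypted file written: $firstHit"

# 3. List shadow copies and flag those created before encryption began.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    'No shadow copies found (none were created, or they were deleted).'
    return
}
$shadows | Sort-Object InstallDate -Descending |
    Select-Object InstallDate, VolumeName,
        @{ Name = 'PredatesEncryption'; Expression = { $_.InstallDate -lt $firstHit } } |
    Format-Table -AutoSize
```

The newest shadow copy marked `PredatesEncryption = True` is the date to select in Shadow Explorer; if none is marked, restoring from backup (Method 1) is the remaining option.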