CryForMe is yet another ransomware-type of infection which first emerged on June 14, 2017. CryForMe was developed through the HiddenTear open source program that is also commonly used by other ransomware. According to our researchers, CryForMe is still on its developmental stage and imitates the WannaCry ransomware which was famous for quite some time due to the damage it has done to many users. It appends its file extension, .cfm to the files during the encryption process. After the encryption process, it opens a window containing its ransom note that demands you to pay 250 € to this BITCOIN address: 19Roobh13zMQ9iNbN7GiaoSzbdkAiMRw for you to get the decryption key. However, you should not, under any circumstances, pay these crooks the ransom money. Paying them won’t guarantee the recovery of your files and besides it will only encourage them to create more infection like CryForMe. You can just try alternative solutions to get rid of the virus which of course, will be discussed as later on this article.
CryForMe spread its infections using various methods. As per our research team, a payload dropper initiates the malicious script that is being spread all over the World Wide Web. This malicious script could be sent out through spam emails that is one of the common distribution methods. Once you open the infected email with the malicious script, download and execute it, your PC is instantly infiltrated by CryForMe. Moreover, this ransomware-type infection can also spread its payload file on social media and file sharing websites. Freeware, although contains a legitimate software, is also bundled with malicious programs like CryForMe, so once you install a software bundle be sure to uncheck any respective boxes related to the extra program to prevent infections like CryForMe from getting installed in your computer. So if you find yourself at the mercy of this ransomware, be sure to follow the removal instructions below.
Step 1: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for the any suspicious processes that can be related to the CryForMe Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 2: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Find CryForMe ransomware or any suspicious program and then Uninstall.
Step 3: Open System Configuration by clicking the Windows button and typing in msconfig and pressing Enter. Go to Startup and unmark items with unknown manufacturer.
Step 4: Open the File Explorer by pressing the Windows key + E.
Step 5: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to the CryForMe ransomware.
Step 6: Look for the any malicious executable file that could be related to CryForMe ransomware
Step 7: Right-click on it and click Delete.
Step 8: Empty the Recycle bin.
Step 9: Restart your PC.
Step 10: After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
Step 11: To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit Enter.
Step 12: Windows will now load the Safe Mode with Networking.
Step 13: Press and hold both R key and Windows key.
If done correctly, the Windows Run Box will show up.
Step 14: Type in explorer http://www.fixmypcfree.com/install/spyremoverpro. A single space must be in between explorer and http. Click OK.
Step 15: A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
Step 16: Click OK to launch SpyRemover Pro.
Step 17: Run SpyRemover Pro and perform a full system scan.
Step 18: After all the infections are identified, click REMOVE ALL.
Step 19: Register SpyRemover Pro to protect your computer from future threats.
Step 20: Restore your encrypted files.
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if the CryForMe Ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.