Most Carcinogenic and Ruinous Virus – CryptoJoker Ransomware

Hackers work mainly to earn money, beating last year's figures, and as a result people suffer the loss of their essential files, including photos, videos and audio. With advancing technology, cyber criminals have designed a terrible virus known as CryptoJoker Ransomware.

CryptoJoker Ransomware is a new member of the ransomware family, and it is not going to put a smile on your face. Being a new malware infection, it is not actively spread at this moment. CryptoJoker Ransomware performs the same basic activities as other crypto-type threats such as CryptoLocker and CryptoWall: it attacks a computer and encrypts files using AES-256 encryption. The main difference is that it marks the files it encrypts by adding the .cjoker string to the end of each and every file. Other than this, it adds PDF files through harmful and malicious phishing campaigns. Further, it doesn't specify a particular amount to be paid for decryption.



Once CryptoJoker Ransomware is on your system, you are shown a pop-up message and forced to send mail to any of these three addresses (,, or ).

From then on, CryptoJoker Ransomware targets 30 file extensions and deletes shadow volume copies. As a result, users are left with only two options: either recover files from an older archive, or contact the author of the ransomware and pay money.

The list of extensions which CryptoJoker Ransomware targets –

.txt, , .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .java, .jpeg, .pptm, .pptx, .xlsb, .xlsm, .db, .docm, .sql, .pdf

After encrypting the data, this toxic virus sends information to the command & control server present at The pop-up that keeps appearing on screen displays data, hostnames, username and machine name in order to look useful and legitimate. Further, it creates a bunch of files called new.bat to execute various commands that remove shadow volume copies and disable Windows automatic startup repair.
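To scope the damage on an affected machine, the indicators described above (the .cjoker suffix, the targeted extension list and the new.bat file name) can be turned into a small triage script. This is an added example, not code from the original article; the function names and the sample paths are hypothetical and constructed for illustration.

```python
import os
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".cjoker"  # suffix the article says is appended to every encrypted file
# Targeted extensions as listed in the article (duplicates and the blank entry dropped).
TARGETED = set(""".txt .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png .csv .sql .mdb
.sln .php .asp .aspx .html .xml .psd .java .jpeg .pptm .xlsb .xlsm .db .docm .pdf""".split())

def triage(paths):
    """Sort file paths into encrypted / still-at-risk / dropped-script buckets."""
    report = {"encrypted": Counter(), "at_risk": Counter(), "artifacts": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()  # Windows file names are case-insensitive
        if name == "new.bat":
            # Batch file name from the article; it is generic, so review it, do not assume.
            report["artifacts"].append(raw)
        elif name.endswith(MARKER):
            # Strip the marker to recover what the file was before encryption.
            original = PureWindowsPath(name[: -len(MARKER)]).suffix or "(none)"
            report["encrypted"][original] += 1
        elif p.suffix.lower() in TARGETED:
            # Targeted type that has not been renamed yet: back it up first.
            report["at_risk"][p.suffix.lower()] += 1
    return report

def scan_tree(root):
    """Walk a mounted copy of the affected volume and triage every file in it."""
    return triage(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)

# Constructed sample paths (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.cjoker",
    r"C:\Users\alice\Pictures\Photo.JPG.CJOKER",
    r"C:\Users\alice\Documents\notes.cjoker",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Music\song.mp3",
    r"C:\Users\alice\AppData\Local\Temp\new.bat",
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS)
    print("encrypted by original type:", dict(result["encrypted"]))
    print("targeted but not yet encrypted:", dict(result["at_risk"]))
    print("scripts to review:", result["artifacts"])
```

Run `scan_tree` against a read-only mount or forensic image of the disk rather than the live system, so the triage itself does not alter timestamps or evidence.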


Behind all these things, the hackers' motive is to earn profit at any cost. As you have already read above, it forces you to pay a ransom for decryption, though there is no guarantee that you will get back all your files. Trust me, it's just a scam to get your bank account details. Once they get the details, they steal money from your account without your knowledge. Not only this, its impact on the computer system is very bad. It makes the speed and performance of the system very slow and sluggish, including start up, shut down, net surfing, playing games etc. It also misguides web browsers like Chrome/IE/Firefox so that they do not allow you to perform any useful task.

If you are one of those whose system is infected with the virus, visit this