Category: Malware
Type: Ransomware
Platform: Windows
Variants: win_crytox_auto, win_crytox_w0, Win64.Ransom.Crytox, Crytox V2, Win32.Ransom.Crytox, Cryptox.Locked, Crytox.Generic, Crytox.D, Trojan.Ransom.Crytox, and Crytox (Phobos-based)
Damage potential: File encryption and corruption, data loss, unauthorized access, system performance issues, operational downtime, and financial loss.
Overview
Crytox is a ransomware strain known for encrypting both local disks and network drives on Windows systems. It was first discovered in 2020. Unlike many modern ransomware strains that use double extortion tactics, Crytox does not exfiltrate data. Instead, Crytox only encrypts files and demands a ransom to unlock them.
The ransomware sends the victim a ransom note, giving them five days to pay. It uses the uTox messenger app as a tool for the victim to communicate and negotiate with the attackers. After execution, it deletes itself, leaving behind only the ransom note and the uTox client.
Despite its operational presence since at least 2020, Crytox has received less attention compared to other ransomware families.
Possible symptoms
The main symptom of a Crytox infection is that your files become encrypted and inaccessible. You will also see a ransom note on your screen with payment instructions and a deadline. You might also notice some early signs that ransomware is starting to take over your device:
- Your device might become slower.
- You might notice a higher CPU usage.
- You might notice unusual network activity and the installation of unwanted programs, specifically the uTox messenger application.
- You might have trouble with your network connection or notice unauthorized connections.
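The symptoms above can be checked for on an endpoint before the ransom note appears. The script below is an added example written for this page, not NordVPN tooling or anything derived from Crytox itself. It applies two heuristics that match the symptoms described: a burst of recently modified files whose contents look encrypted (Shannon entropy close to 8 bits per byte), and the presence of an unexpected uTox client. The executable name `uTox.exe` and the thresholds are assumptions, not values taken from this page; the sample records in the usage call are constructed.

```python
"""Heuristic early-warning check for ransomware-style activity (added example).

Two checks, matching the symptoms a Crytox victim would see:
  1. Many files modified within a short window whose bytes look encrypted.
  2. A uTox client present on a machine where nobody installed it.
Thresholds and the uTox executable name are assumptions for illustration.
"""
import math
import time
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5   # bits/byte; encrypted or compressed data sits near 8.0
BURST_THRESHOLD = 20      # this many suspicious modifications in the window = alert
WINDOW_SECONDS = 600      # "recently modified" means within the last 10 minutes
SAMPLE_BYTES = 4096       # only the first 4 KiB of each file is read


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for uniform data, 8.0 for ideal random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(mtime: float, data: bytes, now: float,
                    window_seconds: int = WINDOW_SECONDS) -> bool:
    """True if the file changed inside the window and its content is high-entropy."""
    return (now - mtime) <= window_seconds and shannon_entropy(data) >= ENTROPY_THRESHOLD


def burst_detected(records, now: float, window_seconds: int = WINDOW_SECONDS,
                   burst: int = BURST_THRESHOLD):
    """records: iterable of (path, mtime, sampled_bytes).

    Returns (alert, suspicious_paths). A single encrypted archive is normal;
    dozens of newly high-entropy documents in ten minutes is not.
    """
    suspicious = [path for path, mtime, data in records
                  if looks_encrypted(mtime, data, now, window_seconds)]
    return len(suspicious) >= burst, suspicious


def find_utox(search_roots, names=("utox.exe",)):
    """Report files named like the uTox client under the given roots.

    The binary name is an assumption; the page only says the uTox client is
    left behind. Treat hits on machines without a sanctioned uTox install as
    an indicator worth investigating.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for root in search_roots:
        for p in Path(root).rglob("*"):
            if p.is_file() and p.name.lower() in wanted:
                hits.append(str(p))
    return hits


def scan_directory(root: str, window_seconds: int = WINDOW_SECONDS):
    """Walk a directory tree, sample each file, and run the burst heuristic."""
    now = time.time()
    records = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            mtime = p.stat().st_mtime
            with open(p, "rb") as fh:
                data = fh.read(SAMPLE_BYTES)
        except OSError:
            continue  # unreadable or vanished mid-scan; skip rather than abort
        records.append((str(p), mtime, data))
    return burst_detected(records, now, window_seconds)


if __name__ == "__main__":
    # Constructed sample: 25 "documents" rewritten moments ago with
    # evenly distributed bytes (entropy exactly 8.0), the worst case a defender wants to catch.
    now = time.time()
    constructed = [(f"report{i}.docx", now - 5, bytes(range(256)) * 16) for i in range(25)]
    alert, paths = burst_detected(constructed, now)
    print("burst alert:", alert, "suspicious files:", len(paths))
    # On a real host you would call scan_directory(r"C:\Users") and
    # find_utox([r"C:\Users", r"C:\ProgramData"]) instead.
```

Entropy alone is a weak signal (archives, images and already-encrypted files are all high-entropy), which is why the alert requires a burst of such changes inside a short window. Tune the window and count to the normal write rate of the host before relying on the output.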
Sources of the infection
Crytox may infiltrate the device through:
- Other malicious software that installs the ransomware
- Files downloaded from phishing emails
- Malicious websites
- Exploitation of vulnerabilities in software or systems
Protection
Following general cybersecurity practices will help protect you from ransomware:
- Do not click on suspicious links or attachments in emails, especially if they come from unknown senders.
- Use complex passwords and turn on multi-factor authentication (MFA) for added security.
- Use tools like NordVPN’s Threat Protection Pro™ to block malicious websites and harmful ads.
- Be cautious with external devices like USB drives. Always scan them for malware before use.
- Regularly back up important files.
- Keep your software updated to ensure you have the latest security patches.
Crytox removal
You can use antivirus software to remove Crytox ransomware:
- Disconnect the infected computer from the network to prevent further spread.
- Restart your computer in safe mode.
- Run a full system scan with trusted antivirus software.
- Restart your computer and run another full scan to make sure there are no traces left.
- If you have a backup of your important files, you can perform a full system wipe to remove the ransomware and restore your data from the backup.
- If you need help removing the ransomware or recovering files, reach out to cybersecurity experts.
Paying the ransom is not recommended because it does not guarantee you'll get your data back and encourages further attacks.