CryptoHost, also recognized as ManameCrypt, is not a fresh ransomware. Security researchers have been aware of it for a while and figured out how this specific infection proceeds. Like all of the encryption monsters, CryptoHost also targets valuable data on your hard drive. However, crooks seemed to have lost their touch with this virus: the password to retrieve your files is identified pretty easily, you just have to know where to look.
About CryptoHost virus
After becoming infected with CryptoHost ransomware, at first, people might not notice anything. However, shortly after the unfortunate arrival, virus finds files with extensions like: .html, .exif, .txt, .odt, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .asp, .aspx, .sql, .rtf, .csv, .bin, .reg, .cer, .sln, .wsc, .ai, .zip, .rar, .srf, .crw, .bdf, .bat, .avi, .mkv, .mov, .mpg, .mpeg, .flv, .wmv, .eps, .qic, .xml, .mdb, .db, .pdf, .ps1, .sct, .jpg, .jpeg, .gif, .png, .bmp and places them in an archive, secured by a unique password. To be automatically louded every time you launch your PC, CryptoHost virus intrusively alters your Windows Registry. Security researchers have concluded that the most crucial changes are made to HKCU\Software\Classes\FalconBetaAccount and HKCU\Software\Microsoft\Windows\CurrentVersion\Run\software entries.
Of course, soon after, CryptoHost virus will benevolently offer its services to assist you in the retrieval of your data. Such message will lock your screen and show a scary content. Infected victims only get 10 days to decide whether they want to get back their files at the primary fee. After the given amount of time runs out, the ransom might increase.
How to Retrieve Files Locked by CryptoHost virus?
CryptoHost ransomware virus demands that the ransom (approximately 0.35 Bitcoins) would be transferred using the Bitcoin payment systems. In this way, crooks are able to conceal their identity and get away with such cyber scams. After you pay the ransom, there is no way to be unshaken by the possibility of not getting the promised password. Actually, you should not even think about the option of paying: security researchers are glad to announce that it is not that difficult to retrieve files. At first, you should enter the AppData directory and look for cryptohost.exe file. Delete it and do the same thing with the registry key that enables CryptoHost ransomware every time you turn on your PC. CryptoHost virus does not create the password from thin air: it incorporates specific technical details in it. You have to look for a file with extension .rar in the Roaming Folder. Simply put, the password for the sealed archive is the name of this .rar document, added with your Windows username. With this specific combination, you should be able to regain the control of your files.
Update: the decrypter is now available at here: link. You can download it absolutely for free and successfully decrypt your files.
How is CryptoHost Virus Spread?
CryptoHost virus might put in motion several tactics to penetrate into computer systems. First, it might utilize the strategy of adding infectious attachments to email letters. Security researches have noted that users should never download files called uTorrent.exe from their email accounts. Basically, Spam folders should be regularly cleaned and left empty. Ransomware viruses can be camouflaged with seemingly harmless files that trigger no instant fear or distrust. Long story short, never download such content. In addition to this, many viruses can be added to free programs. Optional software is a culprit for numerous infections, circulating around Internet users. Pick advanced/custom modes for installations and prevent additional software from being prepared alongside the one you voluntarily initiated.