Remove CRM Ransomware
The VoidCrypt family of file-lockers continues to be very active in 2021. The latest variant to join the ranks of this family is the CRM Ransomware. Users who fall victim to this attack may be unable to use free data decryption software. This is because the CRM Ransomware's file-locking mechanism is impossible to reverse or crack. Only the creators of this threat hold the key that can complete the file decryption process.
How Does the CRM Ransomware Attack Users?
The first thing that the cybercriminals need to do is to deliver their malicious software to as many users as possible. They may rely on different tricks to achieve this – fake downloads, malicious ads, email spam, pirated content, etc. The best way to ensure that your computer is safe from the CRM Ransomware and similar malware is to use an up-to-date antivirus product. In addition to this, you should try to stay away from suspicious files and Web destinations, such as torrent trackers.
Once the CRM Ransomware infiltrates a system successfully, it will immediately begin to encrypt files. When it locks a file, it adds the extension '.[poytemol@gmail.com][<VICTIM ID>].CRM' to the original filename. So, for example, if you had the file 'image.png', you would see it as 'image.png.[poytemol@gmail.com][<VICTIM ID>].CRM' after the attack.
Of course, the perpetrators do not stop here. In order to limit the data recovery options of their victims, they will also wipe out Shadow Volume Copies. Finally, the attack finishes off by dropping the 'Read-this.txt' ransom message. It explains the attack to the victim and advises them to pay for the decryptor that the criminals offer. The payment should be in Bitcoin, but the crooks do not mention the sum. Instead, they provide two email addresses for contact – polytemol@gmail.com and peloment@tutanota.com.
Ignore their offer, and proceed to eliminate the threat with anti-malware software. After this, research the best data recovery software available online. Remember that the best way to recover from ransomware attacks is through a backup.
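To plan a restore from backup, it helps to know which files were locked. The following Python script is an added example, not part of the original article: it walks a folder, recognizes the rename pattern and the 'Read-this.txt' note described above, and lists each locked file next to the original path to restore. The function names are hypothetical, and the victim ID format is an assumption because the article does not document it.

```python
import os
import re
import sys

# Rename pattern from the article: <original name>.[<contact email>][<VICTIM ID>].CRM
# Assumption: the ID format is not documented on the page, so any bracket-free text is accepted.
LOCKED_NAME = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]@\s]+@[^\[\]\s]+)\]\[(?P<victim_id>[^\[\]]+)\]\.CRM$",
    re.IGNORECASE,
)
RANSOM_NOTE = "read-this.txt"  # note name from the article, compared case-insensitively


def parse_locked_name(filename):
    """Return the original name, contact email and victim ID, or None if not a match."""
    match = LOCKED_NAME.match(filename)
    return match.groupdict() if match else None


def scan_tree(root):
    """Walk root and collect locked files, ransom notes and the IDs/emails seen."""
    report = {"locked": [], "notes": [], "victim_ids": set(), "emails": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full_path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                report["notes"].append(full_path)
                continue
            parsed = parse_locked_name(name)
            if parsed is None:
                continue  # e.g. a legitimate file that merely ends in .CRM
            # Pair each locked file with the path to restore from backup.
            restore_as = os.path.join(dirpath, parsed["original"])
            report["locked"].append((full_path, restore_as))
            report["victim_ids"].add(parsed["victim_id"])
            report["emails"].add(parsed["email"].lower())
    return report


if __name__ == "__main__":
    result = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(result['notes'])}, locked files: {len(result['locked'])}")
    print(f"victim IDs: {sorted(result['victim_ids'])}, contacts: {sorted(result['emails'])}")
    for locked_path, restore_as in result["locked"]:
        print(f"{locked_path} -> restore {restore_as}")
```

Run it with the folder to check as the only argument. It only reads file names and changes nothing on disk.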