Cry Ransomware Removal

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Cry Ransomware for free. Our instructions also cover how any Cry file can be recovered.

If suddenly your files became encrypted and a strange message appeared on your screen asking you to pay money in order to access them again, then, unfortunately, you’ve become a victim of Cry Ransomware. This nasty threat is one of the latest additions to the growing family of Ransomware and on this page we are going to share with you all the possible ways you can deal with it. There is a removal guide below, which our “How to remove” team has prepared for all the victims who want to remove Cry Ransomware and not pay a penny to the crooks behind it. The detailed instructions will help you effectively detect and delete the threat from you computer. In addition, we have included some useful information about the way this virus spreads and the possible means of prevention and protection. It may really pay off in the future if you take a look at them now. 

A few words about Cry and the way it operates.

As any typical Ransomware, Cry is created with the sole aim to find and encrypt all the most regularly used data on the infected computer and then demand ransom for it. This malicious cryptovirus is programmed in such a way, that it silently infiltrates and encrypts all most common file types such as documents, pictures, music, videos, games, office files, etc. A complex algorithm of symbols prevents the files from being opened with any program and this way the victims are left with no access to their data. Without a doubt, this is one of the most harmful and hard-to-deal-with type of malware known to this day and, unfortunately, it turns out to be very popular with cybercriminals.

Cry hits your machine in three basic steps:

  • The infection process: The infection with Cry usually happens silently and it’s very hard to say when exactly the infection has taken place. Usually, this ransomware is distributed via spam emails, torrents, compromised webpages, malicious attachments, misleading links and fake ads. One click on the compromised carrier is enough for the infection to take place. The threat is very well camouflaged and often sneaks inside your machine with the help of a Trojan horse that creates a backdoor for the ransomware.
  • The encryption process: Once the virus is inside your system, it will immediately scan your hard drives for the targeted file types. Then, it will start the encryption process. The bad thing here is that there are hardly any symptoms that could indicate an encryption happening in the background and it is almost impossible to stop it before your data has already been damage. Sometimes, mostly on older machines, high CPU usage or limited RAM may eventually give you a sign that some additional activity is happening. In that case, you are advised to immediately turn off the computer and contact a security specialist before turning it on again.
  • The reveal of the malware with a ransom note: After Cry has completely finished its malicious deed, the malware will reveal itself with a ransom note. This note contains a message from the hackers behind the ransomware, which informs you that you have to pay a certain amount of money for a decryption key. The crooks will usually demand payments in Bitcoins (a form of nearly untraceable online currency) and may give you a short deadline and instructions on how to make the payment.

How to remove Cry Ransomware?

Removing the infection is a bit tricky. However, with the help of the removal guide below this task is possible. Deleting the infection from your system will block the hackers from accessing your computer, messing with it and introducing more malware. However, restoring the encrypted data won’t be possible simply by removing the ransomware. This is, unfortunately, the most harmful and irreversible effect of this malware. The crooks may promise you that with the help of their decryption key you will be able to unlock your files, but in fact, this is just the hook of hope they rely on to make you pay the ransom. There is no guarantee that you will get a decryption key once the payment is made, and no proof that it will really work. That is why paying them is just as risky as not paying at all. But there is something else you could try. What we suggest here is trying to restore some of your files through system backups. The instructions below will show you how to do that, so it is at least worth to giving a try. If you have any copies on an external drive, you can also minimize the data loss. However, do not try to restore anything before you completely remove Cry. For an extra check, we suggest you also scan your PC with the professional Cry removal tool to ensure no leftovers are hidden somewhere on your system.


Name Cry
Type Ransomware
Danger Level High (Ransomware are by far the worse threat you can encounter)
Symptoms  A ransom note indicates the presence of the malware on your PC.
Distribution Method Usually, this ransomware spreads through spam emails, torrents, Trojan horse infections, misleading links and ads, compromised websites and infected installers.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Cry Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with Cry Ransomware

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Did we help? Share your feedback with us so we can help other people in need!

Leave a Comment