Cryp1 Ransomware – new extension to UltraCrypter!


Updates: CryptXXX gained a lot of popularity with an extension named .cryp1. However, after more detailed analysis, it appears that this ransomware has re-branded: UltraCrypter is the true name of the ransomware behind the .cryp1 file encryption, and it comes from the same CryptXXX family.

Updates: UltraCrypter not giving Decryption Key for .cryp1 after payment!

Security researchers have detected recent attacks by a new ransomware, Cryp1, which has been identified as a version of UltraCrypter. It adds a .cryp1 extension to the files it encrypts and, like typical ransomware, leaves a ransom note.


Freshly created by hackers, Cryp1 is the latest file-encrypting script to appear in a period of increased ransomware activity. It has been spotted under different names, such as Cryp1 Ransomware, Cryp1 encryption virus, Cryp1 Virus and Cryp1 extension, but they all point to the new version of the notorious UltraCrypter.

Similar to its forerunner, Cryp1 ransomware is a global threat, though most reports are centered on English-speaking countries. It locks users’ files with a strong encryption algorithm and then demands money as a ransom for the decryption key. For some time now we have been witnessing how this modern form of cyber blackmail is turning into a very profitable and popular business model for cyber criminals. Cryp1 is no exception: its main goal is to bring money to its unscrupulous creators by robbing unsuspecting victims.

.Cryp1 File Ransomware Virus Removal

Cryp1 spreads mostly through e-mails containing a Trojan horse infection, which acts as a gate for the ransomware to enter the PC. Once Cryp1 makes its way into the system, victims lose access to a lot of files, such as personal files, media files, images, MS Office documents, PDF files and many more. Similar to UltraCrypter, it spares no files and encrypts all the data available on the computer, adding a .cryp1 extension at the end.

Cryp1 ransomware downloads file-decrypting instructions to each folder with encrypted files. These instruction files have names of the following form: !*.txt and !*.html. There, users can find details on how to complete the payment of the ransom in exchange for the decryption key. The TOR link of Cryp1 ransomware is apparently the same as UltraCrypter’s; however, it comes with a different destination website.
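As an added example (not from the original article or from any vendor tool), the following read-only Python script inventories the two indicators described above: files ending in .cryp1 and instruction files matching !*.txt or !*.html. The function names and the sample file names are made up for illustration.

```python
import fnmatch
import os
import tempfile

ENCRYPTED_EXT = ".cryp1"               # extension named in the article
NOTE_PATTERNS = ("!*.txt", "!*.html")  # ransom-note name patterns from the article


def scan_tree(root):
    """Map each affected folder under root to its .cryp1 files and note files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        encrypted, notes = [], []
        for name in sorted(files):
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append(name)
            elif any(fnmatch.fnmatchcase(lower, p) for p in NOTE_PATTERNS):
                notes.append(name)
        if encrypted or notes:
            findings[os.path.relpath(folder, root)] = {"encrypted": encrypted, "notes": notes}
    return findings


def summarize(findings):
    """Return (.cryp1 file count, folders with a note, folders with .cryp1 files but no note)."""
    total = sum(len(f["encrypted"]) for f in findings.values())
    with_note = sorted(d for d, f in findings.items() if f["notes"])
    without_note = sorted(d for d, f in findings.items() if f["encrypted"] and not f["notes"])
    return total, with_note, without_note


def build_sample_tree(root):
    """Create empty, constructed sample files (names are made up for this example)."""
    layout = {
        "docs": ["report.docx.cryp1", "budget.xlsx.CRYP1", "!SAMPLE_NOTE.txt", "!SAMPLE_NOTE.html"],
        "photos": ["holiday.jpg.cryp1"],
        "tools": ["readme.txt", "notes!.txt"],  # unaffected: must not be reported
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, with_note, without_note = summarize(scan_tree(tmp))
        print(f"{total} encrypted files; notes in {with_note}; no note in {without_note}")
```

Pointing `scan_tree` at a real folder or a mounted backup gives the list of affected directories to restore; it only reads directory listings and never opens or modifies the files.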

Security experts are working on analyzing the new version and its encryption algorithm; however, it is still not known how long it may take for a decryption tool to be released. In case your files are locked with this ransomware, our “How to remove” experts have prepared a removal guide, which may help you restore some of your data and minimize the loss. After the shutdown of Teslacrypt, UltraCrypter is now coming with fresh new versions, which remain undecryptable for now. Updates on this matter will follow.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
