How to Remove Cradle Ransomware and Recover Encrypted Files?

Help! I got a message which said that my computer files were locked and I needed to pay for it to fix this problem. I was so nervous because it said there was only one software that can unlock my computer. But I need to pay for it. Should I pay for it? I really needed help as I was afraid that it will damage my files! They were so important to me! Please help.

 

 

Your computer may have been infected with a malicious program called Cradle Ransomware. In fact, the malware deletes your important files rather than encrypting them. The demand that you pay for these files is a means of cheating you. Thus, you should find and delete it as soon as possible.

It is recommended to scan your entire computer quickly.

 


About Cradle Ransomware

Threat Name: Cradle
Category: Ransomware; Malware
Threat Level: 8bar
Similar Version: WildFire Locker Ransomware
Activity: ① Encrypt important data ② Ask for a ransom ③ Degrade PC performance ④ Lock your PC
Distribution Method: Via spam emails, Trojans, unknown shared files and free software.
Removal Guide: Read the post or download a detection & removal tool!

 

More about Cradle Ransomware Virus

Cradle Ransomware belongs to the Win32/bundpil family, which is detected on the Windows operating system. It puts the system at high security risk because it performs malicious activities on your computer. Once it gets onto your computer, it will scare you with security alerts in order to make you pay for its software. Cradle Ransomware also encrypts victims’ files and conceals itself well, which increases the difficulty of detection.


Should You Pay the Ransom?

  • The price of the ransom. Can you afford the payment, or the higher price charged if you don’t pay immediately? It is not advisable to pay a price that is beyond your budget. In fact, it is not a reasonable price.
  • The security of the payment method. The links provided by Cradle Ransomware may not be safe, because you need to use the Tor browser (an anonymous and private browser) to enter the website of Cradle Ransomware, which means the homepage is not a legitimate website. So, there are risks in clicking these links.
  • The feasibility of the payment. There is no guarantee that you will get your important files back after paying the ransom. Instead, cyber criminals may be encouraged by the payment and continue to extort more money from novice computer users. Therefore, you are not recommended to pay for the decryption key.
Note: The first thing computer users should do is remove the Hacker Locker Ransomware. If you don’t get rid of the ransomware immediately, it will continue to encrypt your files while running in the background. Meanwhile, confidential information will be in danger of theft and leakage. So, you’d better remove Cradle Ransomware as soon as possible by following the manual guide. However, the manual method is complicated and time-consuming. If you are not good at using a computer, you’d better use the professional removal tools in the post to remove Cradle Ransomware.

 

 


Cradle Ransomware Removal Guide

 



Manual Removal Guide

Step 1: Reboot the PC in Safe Mode

Make sure all external devices, including any disks and USB or flash drives, are removed from your computer, and then restart the computer. The way to enter Safe Mode differs for Windows XP/Vista/7, Windows 8 and Windows 10.

For Windows XP/Vista/7

Press and hold the F8 key before the Windows logo appears.


The Windows Advanced Boot Options menu will pop up. Use the arrow keys to highlight the Safe Mode option you want (Safe Mode, Safe Mode with Networking or Safe Mode with Command Prompt), and then hit the Enter key.

 


For Windows 8

Move the mouse to the right side of the screen, click the Settings button and select the Power button.

 


Hold down the Shift key and then click Restart in the Power menu.


Now you are in the Windows 8 boot menu. Click Troubleshoot -> Advanced options -> Windows Startup Settings.


 

Click Restart button in Startup Settings.


Press F4, F5 or F6 to enter Safe Mode.

For Windows 10

While holding down the Shift key, click Restart in Start menu (Click Start button, select Power and click Restart).


Note: The rest of the steps are the same as those for Windows 8.

Now you are in the Windows 10 boot menu. Click Troubleshoot -> Advanced options -> Windows Startup Settings.


 

Click Restart button in Startup Settings.


Your computer will restart, and then the Startup Settings menu is displayed. Now press F4, F5 or F6 to enter Safe Mode.


Step 2: Stop Related Processes in Windows Task Manager

Cradle Ransomware will run in the background and continue to encrypt more files, so you’d better stop the process.

Right click on the Taskbar and select Start Task Manager/ Task Manager.


 

Click the Processes tab, select suspicious processes related to Cradle Ransomware and click the End Task / End Process button.


 

※ You can also navigate to the Startup tab and disable suspicious items (Windows 8/10).

 

 

Note: Can’t find traces of Cradle Ransomware in Task Manager? As previously mentioned, Cradle Ransomware is good at hiding itself so that it can escape notice, which makes manual removal difficult. Hence, you are recommended to use a powerful detection & removal tool to remove Cradle Ransomware.


Step 3: Remove Hidden Files

  • Open File Explorer (My Computer icon)
  • Go to Folder Options

→Click Tools in the menu bar, and then select Folder Options… (for Windows XP)


 

→Click Organize in the upper bar and select Folder and search options (for Windows 7).


 

→Click View in the upper bar and select Change folder and search options in the drop-down menu of Options (for Windows 8/10).

 


  • In the Folder Options window, click the View tab, select Show hidden files and folders / Show hidden files, folders, and drives, and then click the Apply and OK buttons.


 

  • Go to the local C: disk, check the folders and remove malicious items related to Cradle Ransomware.

※Here are files Cradle Ransomware may create (only for reference):

%UserProfile%\AppData\Local\Temp\RarSFX0\

%UserProfile%\AppData\Local\Temp\RarSFX0\Ronms.exe

%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ronms.lnk

%UserProfile%\AppData\Roaming\wow6232node\

%UserProfile%\AppData\Roaming\wow6232node\Bamvenagxe.xml

%UserProfile%\AppData\Roaming\wow6232node\Ronms.exe

Step 4: Clean up Registry Entries Related to Cradle Ransomware

  • Open Start menu and select Run dialogue.


  • Type “regedit” in the dialogue box and hit Enter key.


  • In the Windows Registry Editor, click File and then select Find…


  • Type “hwid ” (victim id number) in search box and hit Enter key.
  • Or remove malicious entries according to the following paths (only for reference):

HKEY_CURRENT_USER\Software\Wow6232Node\hwid[Your ID number]

HKEY_CURRENT_USER\Software\Wow6232Node\status

Note: If you are not familiar with operating a PC, you may make mistakes, which can lead to a system crash. In order to avoid mistaken deletion, you’d better back up the registry entries first. If you still have difficulties in removing registry entries, you are advised to use the professional tools in the post, which are able to detect all suspicious items and remove them automatically.
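
The checks in Steps 2 to 4 can also be run as one read-only PowerShell audit. This is an added example, not part of the original guide; it uses only the reference file paths and registry key listed above, the variable names are illustrative, and it assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example (not from the original guide): read-only audit, nothing is deleted.
# Assumes PowerShell 4.0+; paths and registry key are the guide's "only for reference" list.
$profileDir = $env:USERPROFILE

$paths = @(
    'AppData\Local\Temp\RarSFX0',
    'AppData\Local\Temp\RarSFX0\Ronms.exe',
    'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ronms.lnk',
    'AppData\Roaming\wow6232node',
    'AppData\Roaming\wow6232node\Bamvenagxe.xml',
    'AppData\Roaming\wow6232node\Ronms.exe'
) | ForEach-Object { Join-Path $profileDir $_ }

# Step 3: listed files and folders that exist, with a SHA-256 for each file.
$fileFindings = foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $item = Get-Item -LiteralPath $p -Force   # -Force also returns hidden items
        [pscustomobject]@{
            Path     = $item.FullName
            Modified = $item.LastWriteTime
            SHA256   = if (-not $item.PSIsContainer) {
                           (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                       }
        }
    }
}

# Step 2: running processes whose executable sits inside one of the listed folders.
$dirs = $paths | Where-Object { Test-Path -LiteralPath $_ -PathType Container }
$procFindings = Get-Process | Where-Object {
    $exe = $_.Path   # null for processes the current user cannot inspect
    $exe -and ($dirs | Where-Object { $exe.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) })
} | Select-Object Id, ProcessName, Path

# Step 4: value names under the listed key that match hwid* or status (not modified).
$regKey = 'HKCU:\Software\Wow6232Node'
$regFindings = if (Test-Path -LiteralPath $regKey) {
    (Get-Item -LiteralPath $regKey).Property |
        Where-Object { $_ -like 'hwid*' -or $_ -eq 'status' } |
        ForEach-Object { [pscustomobject]@{ Key = $regKey; Value = $_ } }
}

'--- Files ---';     $fileFindings | Format-List
'--- Processes ---'; $procFindings | Format-Table -AutoSize
'--- Registry ---';  $regFindings  | Format-Table -AutoSize
if (-not ($fileFindings -or $procFindings -or $regFindings)) { 'No listed artifacts found.' }
```

An empty result only means that these reference locations are absent for the current user; it does not show that the machine is clean.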

 


Automatic Removal Guide (Recommended)

SpyHunter is a professional anti-malware program which is compatible with all Windows OS versions. The program can not only remove computer threats including adware, browser hijackers, worms, Trojan horses and so on, but also protect your computer from attack in the future. For a computer beginner, it is easy to use.

Option 1: Remove Cradle Ransomware with SpyHunter

Click the button below to download SpyHunter.

 

Open the downloaded file (SpyHunter-Installer.exe), and then click the Run button when the window below appears.


Select your language and click OK button.


Click Continue button to continue the Installation.


Select “I accept the EULA and Privacy Policy” and click the Install button.


Wait several minutes until the installation is completed.


After the installation is finished, click Exit button.

After the installation is completed, run SpyHunter, go to the “Start a New System Scan” tab, and click “Scan Computer Now!”


After the scan is finished, screen shows all detected items in the list (click + to read more details about the infection).

Now, press the “Fix Threats” button to remove all detected threats.


  • Restart the computer for the changes to take effect.

Note: Unregistered version of SpyHunter provides free scan and result list. To remove detected threats completely, you need to upgrade to the paid version.

 


How to Recover Encrypted Files

Option 1: Use Windows Previous Versions feature

Open File Explorer (My Computer icon) and click a folder containing the files you want to restore.


Right click on the folder and select Properties.


Click the Previous Versions tab, select a restore point from before the files were deleted, and click Restore.


Click Apply and OK button.

 

Option 2: Use System Restore

  • Open Start menu -> Type system restore into the search box -> press Enter key.


  • In the Restore system files and settings page, you can choose Recommended restore or choose a different restore point, and then click Next.


 

  • Choose a restore point from before Hades Ransomware entered your computer, and then click the Next button.


 

  • Click Yes button in the pop-up window and wait for completion of System Restore.

Warm Reminder: It is important to back up the system settings regularly, which can save your computer at a crucial moment. If your computer really gets infected with Cradle Ransomware, please remember that removing the ransomware should be the first step, because Cradle Ransomware may continue to encrypt more folders and files. To remove Cradle Ransomware quickly & safely, you’d better use the powerful removal tools in the post.

 

 


 
