Cryptorbit is a type of ransomware that ciphers personal information and requests a ransom to recover the encrypted files. Once the system is infected, a warning with the following message is displayed:
Your personal files are encrypted. All files including video, photos and documents, etc… on your computer are encrypted.
The types of affected files include Word, Excel, image, music, video, PDF and other data files.
The warning which appears on the screen tells the victim to download Tor browser and to access the search engine based on Onion to pay for the ransom.
Step 1: Disinfect the machine
Download and run Panda Cloud Cleaner tool to disinfect this virus.
For detailed steps, please refer to article How to remove viruses with Panda Cloud Cleaner.
Step 2: Recover the affected files
In order to retrieve the affected files, please follow the steps below:
- Download and install Shadow Explorer.
- Once installed, browse to the location where the affected files are.
- Select a date prior to the infection.
- Select the affected file or folder, and choose the Export option.
This procedure will let you recover previous versions of the affected files.
How to prevent infections
Panda products protect your systems against this type of malware, so ensure your antivirus is updated at all times.