Ransomware Research

CryptoJoker Ransomware

CryptoJoker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2015, this ransomware has been actively targeting systems worldwide.

Quick Facts

Ransomware Family
CryptoJoker
First Seen
December 1, 2015

How CryptoJoker Ransomware Works

File Encryption Patterns

CryptoJoker modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..crjoker

Ransom Note and Payment Demands

After encrypting files, CryptoJoker displays ransom notes demanding payment for file recovery:

fileDECRYPT FILES.txt

Ransom message:

notes/DECRYPT FILES.txt

Note locations:

Desktop
fileGET MY FILES.txt

Ransom message:

notes/GET MY FILES.txt

Note locations:

Desktop
fileREAD.txt

Ransom message:

notes/READ.txt

Note locations:

Desktop
filereadme.txt

Ransom message:

notes/readme.txt

Note locations:

Desktop
fileREADME!!!.txt

Ransom message:

notes/README!!!.txt

Note locations:

Desktop
fileREAD NOW.txt

Ransom message:

notes/READ NOW.txt

Note locations:

Desktop
fileREAD NOW.txt

Ransom message:

notes/READ NOW.txt

Note locations:

Desktop
fileread this file.txt

Ransom message:

notes/read this file.txt

Note locations:

Desktop
fileПРОЧТИ.txt

Ransom message:

notes/ПРОЧТИ.txt

Note locations:

Desktop
fileРАСШИФРОВАТЬ ФАЙЛЫ.txt

Ransom message:

notes/РАСШИФРОВАТЬ ФАЙЛЫ.txt

Note locations:

Desktop
message

Ransom message:

notes/note.txt

Note locations:

Login

Technical Indicators

Associated Executable Files

The following executable files are associated with CryptoJoker ransomware:

  • Trojan-Ransom.Win32.Crypmodadv.wow-ba4e7b8df8d78a961b30e890c8721fe78c730c0f2c2a85c858369cd3a55f0f13
  • QuicklyLive.exe
  • Quickly Live.exe
  • 5627scan.scr
  • CryptoJoker.scr
  • cryptjoker.exe
  • CryptoJocker.scr

Elastio Can Help You

Don't let CryptoJoker ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

Learn MoreRequest a Demo

About This Analysis

This CryptoJoker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like CryptoJoker.

Last updated: October 30, 2025

Recent Ransomware

Explore other threats in our database

View all ransomware
What is CryptoJoker Ransomware? | Elastio