CryptoPokemon ransomware decryption tool released

Ransomware is the new generation computer virus. It can completely lock down Windows 10 computer pretty much known to everybody. One of the recent strain of ransomware is CryptoPokemon. It encrypts your files and demands a payment of 0.02 Bitcoin to decrypt them. The good news is that Emsisoft has released a free ransomware decryptor tool to get rid of the ransomware.

CryptoPokemon ransomware decryption tool

CryptoPokemon ransomware decryption tool

The first thing you need to is not to panic, because there is a solution which can rid of this without paying anything.

What is CryptoPokemon ransomware

CryptoPokemon malware uses the Blowfish algorithm to encrypt disk files. The ransomware encrypts all your files using SHA256 + AES128. Then it puts up a note asking to transfer 0.02 Bitcoin to a specified wallet. The attacker has also disclosed their email id to contact them.

Here’s the ransom note in full:

All files on your computer are encrypted. Files have the extension CRYPTOPOKEMON.

Do not try to decrypt the files yourself, this will only contribute to the loss of all your data on the computer.

To decrypt files, please transfer 0.0200000 BTC to 1Lx46kNYSXTRwMWBxhxxdW3nisJ61yfVoW

After you transfer money, write to email , saying this word “12356749412506806744”.

For advanced users:

After transferring money, go to , and follow the instructions.

Your computer ID: 12356749412506806744

To enter the site, use the browser.


How to use the Emsisoft CryptoPokemon decrypter

Emisisoft decryptor for Cryptopokemon

The first thing you need to do is remove the CryptoPokemon ransomware using Windows Security System. If you don’t lock, it will again encrypt your files.

Once done, follow the steps below:

  1. Download the Emsisoft CryptoPokemon decrypter.
  2. Run the executable and confirm the license agreement when asked.
  3. Click “Start” to decrypt your files.
  4. It takes some time, and post that, the files are accessible.

Incidentally, the creators of this ransomware have just released the source code via a Twitter account with the handle “@PokemonGoICU”. You can find it on Github.

Posted by with Tags
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. He enjoys following and reporting Microsoft news and developments in the world of Personal Computing & Social Media.