What is CryptoLocker
CryptoLocker is a ransomware program that was released at the beginning of September 2013 and targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware encrypts certain files using a mixture of RSA and AES encryption. When it has finished encrypting your files, it displays a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files.
This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins.
Once you send the payment and it is verified, the program will decrypt the files that it encrypted.
The infection will also hijack your .EXE extensions so that when you launch an executable it will attempt to delete the Shadow Volume Copies that are on the affected computer. It does this because you can use shadow volume copies to restore your encrypted files.
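One way to check for the .EXE hijack described above is to audit the registry keys that decide what runs when an executable is launched. This is an added example, not code from the original page or from any tool it mentions. It assumes the values of a clean Windows install (.exe mapped to the `exefile` class, with the open command `"%1" %*`), and the function names are hypothetical.

```powershell
# Added example: audit the .exe file association for tampering.
# Assumption: on a clean Windows install, .exe maps to the "exefile" class
# and that class's open command is "%1" %* (launch the clicked program itself).
$ExpectedClass   = 'exefile'
$ExpectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    $findings = @()
    # Per-user entries (HKCU) override per-machine ones (HKLM), so check both.
    foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
        $base  = "Registry::$hive\Software\Classes"
        $class = Get-DefaultValue "$base\.exe"
        if ($class -and $class -ne $ExpectedClass) {
            $findings += '{0}: .exe is mapped to class "{1}"' -f $hive, $class
        }
        # Inspect the open command of the expected class and of any substitute.
        $names = @($ExpectedClass, $class) | Where-Object { $_ } | Select-Object -Unique
        foreach ($name in $names) {
            $cmd = Get-DefaultValue "$base\$name\shell\open\command"
            if ($cmd -and $cmd.Trim() -ne $ExpectedCommand) {
                $findings += '{0}: "{1}" open command is {2}' -f $hive, $name, $cmd
            }
        }
    }
    $findings
}

$results = Test-ExeAssociation
if ($results) {
    $results | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'The .exe association matches the expected defaults.'
}
```

A warning here means launching any program first passes through whatever command is listed, so treat it as a sign of tampering and investigate before running further executables.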
It can also encrypt files in your Dropbox, although there is a way to restore them by going to the previous versions option.
Since the release of the CryptoLocker Decryption Service it is possible to decrypt files without this registry key being available. The new decrypter provided by this service will instead scan your files and attempt to decrypt them using the embedded private decryption key.
Similar programs are out there that you can use to decrypt the files but you need to find the text file on your computer for the decryption to work.
Take note: decryption is not 100% accurate, and some files may not be accessible or recoverable.
If your computer has not been infected, there is a way to prevent the infection.
The CryptoPrevent Tool, developed by FoolishIT LLC, prevents infection by adding the suggested Software Restriction Policy Path Rules to your computer.
Disclaimer: Newer malware threats mimic the CryptoLocker/CryptoWall infection. Ask a professional for help to try recovering your files.
As of this writing there are newer variants out there.
Info: The original CryptoLocker infection was disabled on June 2nd, 2014 when Operation Gameover took down its distribution network. Since then there have been numerous ransomware infections that have been released that utilize the CryptoLocker name. It should be noted that these infections are not the same infection.