FANDOM


Cryptolocker

Cryptolocker is a popular ransomware trojan that can spread via email and is considered one of the first ransomware malware. The .EXE file for Cryptolocker arrives in a .ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the .EXE file extension for the program.

Cryptolocker's payload encrypts the victim's files using a method of encryption that is quite difficult to crack or decrypt (RSA-2048), and refuses to unlock the files until the ransom of 500 units of currency ($500, €500, £500, etc.) is paid. However, people who have paid the ransom have not had their files decrypted yet. It gives about 72 hours for the user to pay the ransom, and if this is not done, then the program deletes the decryption code (preventing any recovery of data). The virus was last updated the 20th of November 2013 and is not as notorious as previous versions. While easy enough to remove, the files still remain encrypted. It has one other copy:Teslacrypt.

Only one known case of file decryption is currently known. A man put Cryptolocker on his computer and paid the ransom. It had worked but only for him.  

Once Cryptolocker has finished decrypting the files, it deletes itself just so the user can retrieve their files and use their computer again. 

This virus is based on a more popular ransom, WannaCry. 

Decryption

In early 2014, security firms FireEye and Fox-IT developed an online decryption tool for Cryptolocker victims. The website went offline in August of 2014, but can still be accessed via the WayBack Machine. 

Tool link: decryptcryptolocker.com 

Cryptolocker Background

Cryptolocker Wallpaper (NOTE: The link is removed for security reasons.)

Aliases

  • Trojan.Ransomlock (Symantec)
  • Ransom.C (AVG)
  • Trojan-Ransom.Win32.PornoBlocker.cel (NictaTech Free Web Scanner)
    Malwarebytes How to remove Cryptolocker01:42

    Malwarebytes How to remove Cryptolocker

  • Ransom.Worm.Cryptlocker.a (Kaspersky)

Media

CryptoLocker (Crilock) File Encrypting Ransomware09:50

CryptoLocker (Crilock) File Encrypting Ransomware

Watch CryptoLocker in action08:40

Watch CryptoLocker in action

CryptoLocker Ransomware What You Need To Know18:14

CryptoLocker Ransomware What You Need To Know

How to get rid of " Your personal files are encrypted! " (CryptoLocker removal guide)03:22

How to get rid of " Your personal files are encrypted! " (CryptoLocker removal guide)

Sources

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.