CryptoLocker is file-encrypting ransomware designed to encrypt the personal documents found on a victim’s computer using an RSA-2048 key (AES CBC 256-bit encryption algorithm).
The ransomware will then display a message offering to decrypt the data if the user makes a payment of 2.2330749 BTC (around $499) within 96 hours. If the payment isn’t made, CryptoLocker warns that all of the data will be destroyed.
As a final blow to your security, CryptoLocker will then add the .7z.encrypted extension to all your images, videos and other personal documents.
The CryptoLocker virus is distributed in a range of ways. Malicious websites, or even seemingly legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission.
CryptoLocker can be spread via spam email that contains infected attachments or links to malicious sites. The message itself may be designed to look like it’s from an established, legitimate company – often a national courier, such as DHL or FedEx. It will coax you into opening an attached file, perhaps by claiming that there has been a problem with your order, or that your shipment has been updated. Many recipients of these kinds of messages will click through to the supposed Word document or PDF to find out what’s happened, but in doing so they will infect their entire computer with the virus. Curiosity killed the cat, as they say.
Occasionally, CryptoLocker will trick the user into thinking they need to install an update to a piece of common software, such as Adobe Flash Player. Again, once they have clicked on the link, they’ve opened their system up to the ransomware.
Unfortunately, the team here at Networking2000 can’t help you recover your files. We can only suggest that you use ShadowExplorer or another kind of free file recovery software. We can, however, advise you on how best to remove the infection itself from your systems.
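Before choosing a shadow copy or backup to restore from, it helps to know which folders were hit and roughly when the encryption started. The following Python script is an added example, not part of the original article or any Networking2000 tool: it lists files carrying the .7z.encrypted extension named above and reports the earliest modification time, on the assumption that the renamed files' timestamps reflect when they were encrypted; the sample tree it builds is constructed.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".7z.encrypted"  # extension named in the article

def find_encrypted(root, suffix=ENCRYPTED_SUFFIX):
    """Walk root and return (path, mtime) for every file carrying the suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffix):
                path = os.path.join(dirpath, name)
                try:
                    hits.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # file vanished or is unreadable; skip it
    return hits

def summarize(hits):
    """Count hits per folder and return the earliest modification time seen."""
    per_dir = defaultdict(int)
    for path, _mtime in hits:
        per_dir[os.path.dirname(path)] += 1
    # Assumption: the earliest mtime approximates when encryption began.
    earliest = min((m for _p, m in hits), default=None)
    return dict(per_dir), earliest

def build_sample_tree(root):
    """Constructed sample data: two renamed files and one untouched file."""
    os.makedirs(os.path.join(root, "Pictures"))
    samples = [("report.docx.7z.encrypted", 1_700_000_000),
               (os.path.join("Pictures", "photo.jpg.7z.encrypted"), 1_700_000_600),
               ("notes.txt", 1_600_000_000)]
    for rel, mtime in samples:
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        per_dir, earliest = summarize(find_encrypted(tmp))
        for folder, count in sorted(per_dir.items()):
            print(f"{count:4d}  {folder}")
        print("earliest:", datetime.fromtimestamp(earliest, timezone.utc).isoformat())
```

Point find_encrypted at a read-only mount or image of the affected disk where possible, and pick a restore point older than the reported earliest time.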
The best thing to do is to remain vigilant, and advise staff of the threats posed by suspicious-looking email attachments.
If you’ve been affected by the CryptoLocker virus, contact us today for assistance.