CryptoLocker Ransomware

CryptoLocker, also identified as Trojan:Win32/Crilock.A, is a Windows locker Trojan that modifies a range of files on your PC to make them temporarily unusable and demands that you pay a fee before you can acquire the key to decrypt the affected files. As an added incentive to submit to CryptoLocker's ransom, CryptoLocker also warns that any attempt to remove the infection from your PC will cause the associated key to be deleted. Despite these threats, SpywareRemove.com malware experts consider it unlikely that criminals would bother to restore any affected PCs to normal after receiving their illegal payments, and continue to recommend the use of standardized anti-malware programs and decryption technology for combating CryptoLocker and all similar PC threats.

CryptoLocker: a File Lockdown on a Countdown to Data Storage Doom

CryptoLocker is one of the relatively rare types of ransomware that follow up on their threats of encrypting the files on your PC, as opposed to threatening to do so and then using a pop-up alert to block your Windows access in general. Similar Trojans that perform approximately the same attacks include Trojan.Ransomcrypt.E, Win32:Ransom-AOQ, 'Say Hello To Little Virus Brings A Lot Of Problems' Ransomware and the ArchiveLock Trojan. Like most other PC threats of its type, CryptoLocker informs you of the attack by displaying a warning message that demands payment of a criminal's ransom fee – in this case, one approximating one hundred USD. This pop-up can block access to your desktop, which causes CryptoLocker also to be referred to as a Windows locker or Winlocker Trojan.

CryptoLocker doesn't try to portray itself as an arm of any kind of law enforcement agency, but its file encryption attack does prevent you from using the affected files and has the added urgency of a countdown timer until the offered ransom solution is withdrawn. CryptoLocker's encryption attack, a basic attack that re-arranges file data to make the files inoperable without deleting their contents, targets media and text files such TXT, JPG and AVI. Note that any applicable files on removable devices also are affected by the encryption attack.

Beating a File-Locker at Its Own Game

Although CryptoLocker takes significant time to make it seem like paying criminals is the only way to get your files returned to you safe and sound, SpywareRemove.com malware research team can suggest several alternative ways of coping with a CryptoLocker infection. Free decryption utilities are available from a variety of sources and may be used to try to undo the file encryption attack of CryptoLocker, and anti-malware applications can be used to remove CryptoLocker itself. However, if, as is recommended, you keep your files backed up to a safe source such as a writable DVD, CryptoLocker's attack can be ignored entirely – since you simply can restore all affected files from your backup without bothering to undo the encryption.

Because of the high stakes in any CryptoLocker infection, avoiding CryptoLocker is especially recommended as even preferable to removing CryptoLocker from your PC safely. Previous attacks by similar high-level PC threats have been known to use corrupted websites hosting drive-by-download attacks and/or disguised e-mail attachments, which can be blocked by the combined security of strong browser security features and anti-malware tools with Web-monitoring features.

Technical Details