Cryptolocker is a relatively new kind of ransomware that was first detected in the wild in September 2013. Ransomware, for those who do not know the term, refers to malicious software that, when executed on a PC, encrypts files on it so that they cannot be accessed anymore unless decrypted.
Cryptolocker displays a ransom notification to the user of the system that states that the ransom -- usually between $100 and $300 -- has to be paid to unlock the files again. If the demand is not met in 96 hours, the option to do so will expire and the files will be lost forever.
The malware lands on PCs the same way other malware does. In the case of Cryptolocker, it is usually through email attachments that contain the malicious payload. These can be (fake) customer support emails from companies such as FedEx, UPS or DHL, for example, and the payload is usually disguised as a PDF file using the same icon that PDF files use.
If you look at the full file name, you will notice that it is in fact an executable program ending with .pdf.exe that should never be executed.
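The double-extension trick above works because Windows Explorer hides the last extension of "known file types" by default, so `Invoice.pdf.exe` is shown as `Invoice.pdf` next to a PDF icon. The checker below is an added example (not code from the article or from any product it mentions) that reconstructs that displayed name and flags attachments whose real extension is executable; the extension sets are assumptions, a representative subset rather than a complete list.

```python
import os
from typing import List, NamedTuple

# Assumption: extensions Windows treats as runnable programs (a subset of PATHEXT plus .scr/.pif).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
# Assumption: document/media extensions an attacker imitates with a borrowed icon.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".zip"}


class Verdict(NamedTuple):
    name: str          # file name as stored on disk
    displayed_as: str  # what Explorer shows with "Hide extensions for known file types" on
    suspicious: bool
    reason: str


def check_attachment(name: str) -> Verdict:
    """Classify one attachment name; comparison is case-insensitive like Windows."""
    stem, last = os.path.splitext(name)
    last = last.lower()
    if last not in EXECUTABLE_EXTS:
        # Not a program: the hidden extension does not change what the file is.
        return Verdict(name, name, False, "not an executable type")
    # Explorer strips only the final extension, so any earlier ".pdf" stays visible
    # and the file looks like a document.
    _, previous = os.path.splitext(stem)
    if previous.lower() in DOCUMENT_EXTS:
        return Verdict(name, stem, True,
                       f"executable disguised as {previous.lower()} document")
    return Verdict(name, stem, True, "executable attachment")


def scan_names(names: List[str]) -> List[Verdict]:
    """Return only the attachments that should not be opened."""
    return [v for v in (check_attachment(n) for n in names) if v.suspicious]


# Constructed sample attachment names, not real samples.
SAMPLE_ATTACHMENTS = [
    "Tracking_Details.pdf",      # genuine document
    "Invoice_FedEx.pdf.exe",     # the pattern described in the article
    "Shipment_Photo.JPG.SCR",    # same trick with a screensaver executable
    "README",                    # no extension at all
]

if __name__ == "__main__":
    for v in scan_names(SAMPLE_ATTACHMENTS):
        print(f"{v.name!r} shown as {v.displayed_as!r}: {v.reason}")
```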
If your computer gets infected because you have run the executable file and your antivirus solution did not pick up on it, the following background process is started by it.
If you notice that your computer is hit by the malware, you may want to disconnect it from the Internet to prevent further damage. This can be done by disconnecting the router from the Internet, or disabling the Internet connection on the local PC.
There is no option to decrypt the files, and while it is theoretically possible to decrypt them using brute force, the use of a unique RSA-2048 key makes this impossible for home users at this point in time.
There is however one option that you have: previous file versions. You can right-click any file in Windows Explorer, select Properties and then Previous Versions to display previously saved versions of that file on the system. While there is no guarantee that you will indeed find one, it is the best option that you have to restore important files on the system.
There is also the chance that you have backup copies of files. Most file synchronization services enable you to download previous copies of a file as well.
The best prevention is to know what you are doing on the PC you are working on. A basic understanding of how things work goes a long way in staying safe on the system. In fact, I believe that this is the best protection against many kinds of malware attacks you are exposed to on the Internet.
Good antivirus software should detect Cryptolocker by now. Malwarebytes and Symantec do detect it for example.
If you are particularly worried about your PC getting infected, you can run the tool CryptoPrevent on it. It blocks executable files from being run in directories that Cryptolocker is known to use.
This guide has been designed to provide you with a quick overview, and is not as detailed as the guides posted below. If you want to find out more about Cryptolocker, consult the following guides and pages:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.