CryptoLocker - How To Remove?
CryptoLocker (alias Cryptographic Locker) is one application that you would not like to find on your computer. A lot of users confuse it with Locky ransomware, but this virus is not related to it. Locky ransomware uses .locky extension, you can read more about it here: https://www.2-viruses.com/remove-locky-ransomware. While Cryptolocker virus uses 6 random letters written in the lower case as the extension for the encrypted files. For instance, File.pdf.ghjytr would be the name of the file locked by Cryptolocker malware.
It is listed as a ransomware that is known to encrypt all very important files stored on your computer. Due to it being on your PC you will have a lot of difficulties to deal with this situation. Once CryptoLocker is installed on your computer, you will see the following message, named as HOW_TO_RESTORE_FILES, in the TXT and HTML file format:
“Your personal files are encrypted!
Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet: the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files…
To obtain the private key for this computer, which will automatically decrypt files, you need to pay 100 USD/ 100 EUR / similar amount in another currency.
Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server”
Don’t get too scared by the last statement of this message. Even though this ransomware is pretty serious and you will not be able to get back your encrypted files, you can remove CryptoLocker and prevent it from operating on your system as well as causing some more damage. CryptoLocker is a very similar ransomware to CryptoFortress, Buyunlockcode ransomware, CTB Locker ransomware, Simplelocker, TeslaCrypt, CryptoDefense and CryptoWall.
Perhaps the only difference is that all of those ransmowares ask you to pay 500 euros/usd, not 100, so CryptoLocker is a better option in a way. This ransomware uses Bitcoin payment system – a ransom has to be paid using it, so it is harder to track hackers who stand behind this. As we have mentioned before, there is no way to retrieve encrypted files, but still you need to remove this malicious application from your computer, if you don’t want any other files to be encrypted in the future. To do this, you should download one of three anti-malware scanners that are trustworthy and could deal with this issue, such as SpyHunter or StopZilla. Scan your PC with it and it will detect and remove the ransomware automatically. It is advised to regularly scan your computer with one of these anti-malware programs, if you don’t want to lose any data or money due to CryptoLocker or any other similar malware.
The manual removal instructions come next.
Update of the 2nd of March, 2017. We have discovered that CryptoLocker ransomware is back. In 2015-2016, distribution and the general activity of CryptoLocker was close to a minimum, but now, hackers seem to have reconsidered their position and are determined to transmit CryptoLocker once again. People from Europe is identified to be as the main audience to receive the newly distributed CryptoLocker variant. It spreads via malicious spam campaigns.
Update of the 13th of March, 2017. Early spring appears to be an active time for CryptoLocker. A fresh variant has been revealed and it targets Turkish-speaking users. Its ransom note is written in Turkish as well.
Update: the decrypter is now available at here: link. You can download it absolutely for free and successfully decrypt your files.