What Is Cryptolocker Virus? How Did I Get Infected With The Ransomware Malware?
So how exactly does the Cryptolocker virus work, and how did you manage to become infected with the malware? Basically, CryptoLocker is a ransomware program that encrypts certain files on your computer using a mixture of RSA & AES encryption. When it has finished encrypting your files, it displays the CryptoLocker payment program information (red screen).
How did you manage to get the Cryptolocker virus on your computer to begin with? If you became infected with the CryptoLocker ransomware, there's a pretty good chance it came to you in the form of a phishing email. Basically, one of these emails is a message that looks somewhat official and comes with some kind of attachment. It may be a .pdf or look like a scanned document of some kind. Once the attachment is opened, the Cryptolocker virus begins its dirty work.
Once the Cryptolocker virus has made its way onto your computer, it begins to target files with the following extensions:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
For those who don't know much about computers, files like .doc or .docx would be your Word documents, while .jpg and .img are your photos, just to name a few of the file types being attacked. When the Cryptolocker ransomware finds files with these extensions, it encrypts them using a public key and then makes a record of each file in the Windows registry under HKEY_CURRENT_USER\Software\CryptoLocker\Files.
After all the encryption completes, you then get the dreaded red screen demanding the ransom. Although payment will result in decryption of your files, many professionals are suggesting you not pay the fines right away, as there are other free ways to remove the virus and restore your files. Here's how.
Cryptolocker Virus Removal: What To Do Once You Realize You Are Infected
1) If your computer has been infected by CryptoLocker, disconnect from your wireless or wired network right away to prevent further file encryption
2) Decide if you want to pay the ransom and have files decrypted or try to restore the files yourself.
3) If you choose to pay the ransom, do it BEFORE removing the virus. Once the ransom is paid, your files will all become decrypted over the course of 3-4 days.
4) After paying the ransom, you may go ahead and remove the malware, either using the free Malwarebytes program featured in the video below or using a paid antivirus program on your computer.
5) If you choose to try to restore your files instead, DO NOT attempt to remove the malware yet! Go to the next section on restoring files infected by CryptoLocker.
How to Decrypt / Restore Files Encrypted By The Ransomware
1) You will need to do a System Restore of sorts on your files via something called Shadow copies.
2) To restore the previous version of a document or file, just right-click the file in question and choose Properties.
3) If System Restore is enabled, you should be able to see the Previous Versions tab in the Properties window. This will list all of the versions of the file on record.
4) Choose a version before the Cryptolocker infection and click either Copy or Restore
5) Want to quickly see all the shadow copies on your system? Read the next section
How to Decrypt Multiple Files Encrypted By Cryptolocker Virus At Once
1) Download ShadowExplorer, a free tool for exploring the available shadow copies on your system. This tool will allow you to restore multiple files affected by CryptoLocker at once, returning them to the way they were before the infection.
2) When you install and run the tool, select the drive and the shadow copy date and time from the drop-down menu. Then, choose the folder and file you want.
3) Right-click and select Export. Choose where to restore the file.
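The PowerShell script below is an added example, not part of the original article: it saves the list of files recorded under the registry key named above and lists the shadow copies that predate the infection, so you know what to pick in Previous Versions or ShadowExplorer. It assumes the value names under that key are file paths (possibly with '?' in place of '\') and that a file's last-write time approximates when it was encrypted; the CSV output path is hypothetical.

```powershell
# Added example: read-only triage, run BEFORE removing the malware, from an elevated
# prompt of the affected user (HKCU is per-user; Win32_ShadowCopy needs admin rights).
# Assumptions (not from the article): value names are file paths, possibly with '?'
# in place of '\'; last-write time is used as a rough estimate of encryption time.
$keyPath = 'HKCU:\Software\CryptoLocker\Files'                    # key named in the article
$report  = Join-Path $env:USERPROFILE 'cryptolocker-files.csv'    # hypothetical output path

function Get-RecordedFile {
    param([string]$Path = $keyPath)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    foreach ($name in (Get-Item -LiteralPath $Path).GetValueNames()) {
        $file      = $name.Replace('?', '\')
        $item      = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
        $lastWrite = if ($item) { $item.LastWriteTime } else { $null }
        [pscustomobject]@{
            File      = $file
            Exists    = [bool]$item
            LastWrite = $lastWrite
        }
    }
}

$files = @(Get-RecordedFile)
if ($files.Count -eq 0) {
    Write-Output "No entries under $keyPath for this user."
}
else {
    # Keep the list outside the registry: cleanup tools may delete the key.
    $files | Export-Csv -Path $report -NoTypeInformation

    $firstHit = ($files | Where-Object { $_.LastWrite } |
        Sort-Object LastWrite | Select-Object -First 1).LastWrite
    Write-Output "$($files.Count) files recorded; earliest last-write time: $firstHit"

    # Shadow copies created before the first encrypted file are the restore candidates.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        Select-Object InstallDate, VolumeName, DeviceObject,
            @{ Name = 'BeforeInfection'
               Expression = { [bool]$firstHit -and $_.InstallDate -lt $firstHit } }
}
```

If no shadow copy shows BeforeInfection as True, Previous Versions and ShadowExplorer will have nothing clean to restore from on that volume.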
If you have files, photos, music and email you can't risk losing, I highly recommend Carbonite to back up your PC on a regular basis.