CryptoLocker Ransomware

CryptoLocker Ransomware looks similar to the FBI MoneyPak Virus and other MoneyPak Viruses. It locks down your computer and then asks for a ransom to unlock it.


The major difference is, with other ransomware viruses, the virus can be removed and you get your files back. With CryptoLocker the  encryption used is 2048 bit RSA – very strong encryption. The key to decrypt your files is stored on a remote server at the hackers location. It is virtually impossible in this case to break the encryption. You have 3 days to pay the ransom and get your key, or the hacker’s server automatically deletes your decryption key and your files remain locked forever.


If you pay the ransom  your payment will be verified, which can take 3-4 hours to complete. Once the payment has been verified, the infection will start decrypting your files. This process also takes quite a long time.

Since removing the infection will not get your files back, the key with this virus is to prevent infection and/or make sure you have a backup of your files. In some cases it’s also possible to recover your files from a Shadow Copy, which means you have to make sure you have System Restore turned on. If you don’t have a backup of your files, the only way to get your data back is by paying the ransom, so make sure you have some type of backup.

Nick over at FoolishIT created a program designed to protect you from CryptoLocker, called Cryptoprevent. If you  don’t think you can operate the program, or if you’ve been infected, please contact me .