CryptoLocker, detected by Sophos as Troj/Ransom-ACP, is a malicious program known as ransomware.
Some ransomware just freezes your computer and asks you to pay a fee. (These threats can usually be unlocked without paying up, using a decent anti-virus program as a recovery tool.)
CryptoLocker is different: your computer and software keep on working, but your personal files, such as documents, spreadsheets and images, are encrypted.
The criminals retain the only copy of the decryption key on their server – it is not saved on your computer, so you cannot unlock your files without their assistance.
They then give you a short time (e.g. 72 hours, or three days) to pay them for the key.
The decryption key is unique to your computer, so you can’t just take someone else’s key to unscramble your files.
The fee is $300 or EUR300, paid by MoneyPak, or BTC2.
To check for and remove CryptoLocker, you can use the free Sophos Virus Removal Tool (VRT).
This program isn’t a replacement for your existing security software, because it doesn’t provide active protection (also known as on-access or real-time scanning), but that means it can co-exist with any active software you already have installed.
The Virus Removal Tool will load, update itself, and scan memory, in case you have malware that is already active.
Once it has checked for running malware, and got rid of it, then it scans your hard disk.
If it finds any malicious files, you can click a button to clean them up.
If CryptoLocker is running and has already popped up its payment demand page, you can still remove it and clean up, but the Virus Removal Tool cannot decrypt your scrambled files – the contents are unrecoverable without the key, so you may as well delete them.
Even if you don’t have CryptoLocker, it is well worth scanning your computer for malware.
The criminals are known to be using existing malware infections as “backdoors” to copy CryptoLocker onto victims’ computers.
We assume their reasoning is that if you have existing, older malware that you haven’t spotted yet, you probably won’t spot CryptoLocker either, and you probably won’t have backup – and that means they’re more likely to be able to squeeze you for money later on.
Although it might be possible to recover files encrypted by CryptoLocker malware by paying the ransom, we strongly recommend against this option. The decryption software might come bundled with more malicious files, or might not help you to retrieve your precious records at all. Additionally, if you paid, you would fuel the criminals’ efforts and encourage them to continue evolving and distributing this virus.
IMPORTANT. If you think that you have been infected by CryptoLocker, there is a good chance that you are mistaken. The original virus was defeated several years ago and is no longer distributed. If the ransom note says that you are infected with CryptoLocker, it might not be true – some viruses pretend to be this fearsome ransomware just to frighten the victim. Besides, some fake versions of this malware can be decrypted. We strongly recommend that you run a system scan to find out the actual name of the virus, or send us a question giving the name of the ransom note, the file extensions added to encrypted files and, if possible, some of the information the ransom note contains. It would also be helpful to hear what kind of picture the ransomware sets on the desktop – all this data can help us identify which virus has affected your PC. Alternatively, you can take a look at these data recovery suggestions and choose the desired method to recover your files:
If your files are encrypted by CryptoLocker, you can use several methods to restore them:
Use Data Recovery Pro to recover your files
Many programs promise to recover your files after they get deleted, corrupted, or damaged in another way. We recommend using Data Recovery Pro – it might help you to recover some files. The instructions below will help you to start this program and scan the system for encrypted data.
Download Data Recovery Pro (http://www.2-spyware.com/download/data-recovery-pro-setup.exe);
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by CryptoLocker ransomware;
Restore them.
Use Windows Previous Versions method to recover individual files
If your personal files have been distorted by this malicious ransomware, try to rescue a few of them by taking advantage of the Windows Previous Versions feature. Sadly, this method is only effective if the System Restore function has been enabled on the system.
Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.
CryptoLocker decryption tools
If your PC has been infected by a version of CryptoLocker, use the appropriate tool to decrypt your files. Below we provide a list of free decryption tools capable of restoring encrypted files:
Files locked and _crypt0 file extensions added? Then use this Crypt0 ransomware decryption tool.
Files encrypted and have .CryptoTorLocker2015! file extensions now? CrypTorLocker2015 decrypter can be downloaded from here.
PCLock ransomware does not append specific file extensions, but you can easily identify this virus by running anti-malware software. Files can be decrypted with this PCLock Decrypter.
Unfortunately, these are the only viruses that can be decrypted. If more decryptable versions appear, we will update the article.
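The extension-based identification described in the list above (and in the IMPORTANT note earlier), as an added example that is not part of the original article or of any vendor's tool: a Python triage script that walks a folder and counts files carrying the two markers the list names. Matching the marker both at the end of the file name and just before the final extension is an assumption, since the article only says the marker is added; PCLock is left out because it appends no specific extension.

```python
import os
import sys
from collections import Counter

# Markers and family names as given in the list above (compared in lower case).
# PCLock is absent on purpose: it appends no specific extension.
MARKERS = {
    "_crypt0": "Crypt0",
    ".cryptotorlocker2015!": "CryptoTorLocker2015",
}


def classify(filename):
    """Return the family whose marker the file name carries, or None."""
    lowered = filename.lower()
    stem = os.path.splitext(lowered)[0]
    for marker, family in MARKERS.items():
        # Assumption: the marker may sit at the very end of the name
        # (file.doc.CryptoTorLocker2015!) or before the last extension
        # (photo_crypt0.jpg), so both positions are checked.
        if lowered.endswith(marker) or stem.endswith(marker):
            return family
    return None


def triage(root):
    """Walk root; count marked files per family and per folder."""
    families, folders = Counter(), Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            family = classify(name)
            if family:
                families[family] += 1
                folders[dirpath] += 1
    return families, folders


def summary(root):
    """Build a short report for the person handling the clean-up."""
    families, folders = triage(root)
    if not families:
        return ("No known markers under %s. This does not rule out PCLock "
                "or other families; identify them with an anti-malware scan." % root)
    lines = ["%s: %d file(s)" % item for item in families.most_common()]
    lines.append("Most affected folder: %s (%d file(s))" % folders.most_common(1)[0])
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a copy or a read-only mount of the affected folder; it only reads file names and never opens or changes the files.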
I wish you good luck!!!