5Star CyberSecurity
Cryptolocker Virus

Cryptolocker Virus Definition

Cryptolocker is a malware threat that gained notoriety over the last few years. It is a Trojan horse that infects your computer and then searches for files to encrypt. This includes anything on your hard drives and all connected media — for example, USB memory sticks or any shared network drives. In addition, the malware seeks out files and folders you store in the cloud. Only computers running a version of Windows are susceptible to Cryptolocker; the Trojan does not target Macs. Once your desktop or laptop is infected, files are "locked" using what's known as asymmetric encryption. This method relies on two "keys," one public and one private. Hackers encrypt your data using the public key, but it can only be decrypted using the unique private key they hold. The Cryptolocker virus will display warning screens indicating that your data will be destroyed if you do not pay a ransom to obtain the private key.

Common Infection Methods and Risks

The most common method of infection is via emails with unknown attachments. Although the attachments often appear to be standard file types such as *.doc or *.pdf, they in fact contain a double extension — a hidden executable (*.exe). Once opened, the attachment creates a window and activates a downloader, which infects your computer. Because the program is a Trojan, it cannot self-replicate, meaning it must be downloaded to infect your computer. In addition to malicious email attachments, this malware may also come from websites that prompt you to download a plug-in or video player. Typically, you will see nothing wrong with your computer until all files have been encrypted. Then, a warning will pop up indicating that you have been infected and show a countdown timer until all your data is destroyed. Many antivirus programs can remove this Trojan, but cannot decrypt your data. In some cases, users have re-installed the Trojan after removal in order to pay the ransom and unlock their data.
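The double-extension trick described above can be checked mechanically at a mail gateway. The following is an added example, not code from this page: it classifies attachment names and shows what Windows would display with "Hide extensions for known file types" enabled; the extension lists and sample names are constructed for illustration.

```python
import os

# Extensions Windows runs directly. A name that ends in one of these right after
# an innocuous document extension is the double-extension trick from the text.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def check_attachment_name(filename):
    """Classify an attachment name as "ok", "executable" or "disguised-executable".

    Returns (verdict, shown_name, real_extension). shown_name is what Explorer
    displays with "Hide extensions for known file types" on: the final extension
    is dropped, so "invoice.pdf.exe" appears as "invoice.pdf".
    """
    base = os.path.basename(filename.replace("\\", "/"))
    shown_name, real_ext = os.path.splitext(base)
    real_ext = real_ext.lower()
    if real_ext not in EXECUTABLE_EXTENSIONS:
        return ("ok", shown_name, real_ext)
    # Padding spaces before the real extension push it out of view in narrow
    # columns; strip them before looking at the inner extension.
    inner_ext = os.path.splitext(shown_name.rstrip())[1].lower()
    if inner_ext in DOCUMENT_EXTENSIONS:
        return ("disguised-executable", shown_name, real_ext)
    return ("executable", shown_name, real_ext)


def flagged_attachments(filenames):
    """Return the names from one email that a mail gateway should hold back."""
    return [n for n in filenames if check_attachment_name(n)[0] != "ok"]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real campaign.
    sample = ["Invoice_2024.pdf.exe", "report.docx", "setup.exe", "photo.jpg"]
    for name in sample:
        print(name, "->", check_attachment_name(name))
```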

Protection from this ransomware starts with safe Internet use: don't open any attachments from unknown email addresses, even if they claim to be from your bank or workplace, and don't download any files from an unfamiliar website. If you believe you may be infected, run a full system scan using a reputable antivirus program. It may be possible to unlock your files if you regularly use Windows System Restore to create restore points, but in some cases you may need to go even deeper and use a rescue disk utility. Here, a disk image of the rescue utility is created and copied to a DVD or USB drive. You will then have to boot your computer from this external media, which disinfects the machine. Again, there is no guarantee of full data recovery.

Cryptolocker can cause serious damage to personal and business computers. By always creating a physically separate backup of critical files, regularly running antivirus scans and avoiding unknown email attachments, you can minimize the chance of infection.

Links related to the Cryptolocker Virus

What is Ransomware

Ransomware poses a threat to you and your device, but what makes this form of malware so special? The word "ransom" tells you everything you need to know about this pest. Ransomware is extortion software that can lock your computer and then demand a ransom for its release. In most cases, ransomware infection occurs as follows. The malware first gains access to the device. Depending on the type of ransomware, either the entire operating system or individual files are encrypted. A ransom is then demanded from the victim. If you want to minimize the risk of a ransomware attack, you should rely on high-quality ransomware protection software.

Part of the malware family

Malware is a portmanteau of the words "malicious" and "software". The term malware, therefore, covers all malicious software that can be dangerous to your computer. This includes viruses and Trojans.

How to detect ransomware and protect yourself from it

When it comes to protecting against ransomware, prevention is better than cure. To achieve this, a watchful eye and the right security software are crucial. Vulnerability scans can also help you to find intruders in your system. First, it's important to make sure your computer is not an ideal target for ransomware. Device software should always be kept up to date in order to benefit from the latest security patches. In addition, careful action, especially with regard to rogue websites and email attachments, is vital. But even the best preventive measures can fail, making it all the more essential to have a contingency plan. In the case of ransomware, a contingency plan consists of having a backup of your data. To learn how to create a backup and what additional measures you can put in place to protect your device.

Fighting encryption Trojans

The most common ransomware infection routes are visiting malicious websites, opening a malicious attachment, or unwanted add-ons bundled with downloads. A single careless moment is enough to trigger a ransomware attack. Because malware is designed to remain undetected for as long as possible, an infection is difficult to spot, and it is most likely to be detected by security software. Changes to file extensions, increased CPU activity, and other unusual activity on your computer may also indicate an infection. When it comes to removing ransomware, there are basically three options. The first is to pay the ransom, which is definitely not recommended. The second, and best, option is to try to remove the ransomware from your computer. If this is not possible, only one step remains: resetting your computer to factory settings.
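The text names changes to file extensions as a sign of infection. The following added example (not from this page or any product) turns that into a detection rule: it reads constructed file-activity events and alerts when one process renames many distinct files to the same new extension within a short window, which is what a crypto-ransomware run looks like to a file monitor while ordinary programs leave extensions unchanged.

```python
import os
from collections import defaultdict
from datetime import datetime

# Constructed file-activity events (timestamp process operation source dest),
# in the shape a file-system monitor might log them; not real telemetry.
SAMPLE_LOG = """\
2024-05-01T09:00:01 winword.exe RENAME C:/Users/a/~tmp1.docx C:/Users/a/report.docx
2024-05-01T09:00:05 evil.exe RENAME C:/Users/a/report.docx C:/Users/a/report.docx.locked
2024-05-01T09:00:05 evil.exe RENAME C:/Users/a/photo1.jpg C:/Users/a/photo1.jpg.locked
2024-05-01T09:00:06 evil.exe RENAME C:/Users/a/photo2.jpg C:/Users/a/photo2.jpg.locked
2024-05-01T09:00:06 evil.exe RENAME Z:/share/budget.xlsx Z:/share/budget.xlsx.locked
2024-05-01T09:00:07 evil.exe RENAME Z:/share/notes.txt Z:/share/notes.txt.locked
2024-05-01T09:00:08 evil.exe RENAME C:/Users/a/cv.pdf C:/Users/a/cv.pdf.locked
2024-05-01T09:05:00 explorer.exe RENAME C:/Users/a/old.txt C:/Users/a/new.txt
"""

def parse_events(text):
    """Yield (time, process, operation, src, dst) tuples from the log text."""
    for line in text.splitlines():
        if line.strip():
            ts, proc, op, src, dst = line.split()
            yield datetime.fromisoformat(ts), proc, op, src, dst

def extension_change_alerts(text, threshold=5, window_seconds=60):
    """Report processes that rename at least `threshold` distinct files to one
    new extension within `window_seconds`. Returns [(process, ext, count)]."""
    renames = defaultdict(list)  # (process, new extension) -> [(time, src)]
    for ts, proc, op, src, dst in parse_events(text):
        old_ext = os.path.splitext(src)[1].lower()
        new_ext = os.path.splitext(dst)[1].lower()
        # Ordinary programs keep the extension; encryptors append a new one.
        if op == "RENAME" and new_ext and new_ext != old_ext:
            renames[(proc, new_ext)].append((ts, src))
    alerts = []
    for (proc, ext), hits in renames.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):  # sliding time window over the hits
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, len({src for _, src in hits[start:end + 1]}))
        if best >= threshold:
            alerts.append((proc, ext, best))
    return alerts

if __name__ == "__main__":
    for proc, ext, count in extension_change_alerts(SAMPLE_LOG):
        print(f"ALERT {proc}: {count} files renamed to {ext} within a minute")
```

Tune the threshold and window to the environment; a backup or archiving tool that legitimately renames many files should be allow-listed by process rather than by raising the threshold.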

What forms of ransomware are there and what does that mean for you?

As mentioned above, the threat posed by ransomware depends on the variant of the virus. The first thing to consider is that there are two main categories of ransomware: locker ransomware and crypto-ransomware. These can be distinguished as follows:

Locker ransomware: basic computer functions are affected

Crypto ransomware: individual files are encrypted

The type of malware also makes a significant difference when it comes to identifying and dealing with ransomware. Within the two main categories, distinctions are made between numerous additional types of ransomware. These include, for example, Locky, WannaCry, and Bad Rabbit.

History of ransomware

Blackmailing computer users in this way is not a 21st-century invention. As early as 1989, a primitive pioneer of ransomware was used. The first concrete cases of ransomware were reported in Russia in 2005. Since then, ransomware has spread all over the world, with new types continuing to prove successful. In 2011, a dramatic increase in ransomware attacks was observed. In the course of further attacks, manufacturers of antivirus software have increasingly focused their virus scanners on ransomware, especially since 2016. Regional differences can often be seen in the various ransomware attacks. For example:

Incorrect messages about unlicensed applications:

In some countries, Trojans notify the victim that unlicensed software is installed on their computer. The message then prompts the user to make a payment.

False claims about illegal content:

In countries where illegal software downloads are common practice, this approach is not particularly successful for cybercriminals. Instead, ransomware messages claim that they are from law enforcement agencies and that child pornography or other illegal content has been found on the victim's computer. The message also contains a demand for a penalty fee to be paid.

The largest ransomware attack

One of the largest and most serious ransomware attacks took place in the spring of 2017 and was called WannaCry. In the course of the attack, approximately 200,000 victims from roughly 150 countries were asked to pay a ransom in Bitcoin.

Malware Penetrates Computers and IT Systems

For many computer virus writers and cybercriminals, the objective is to distribute their virus, worm, or Trojan to as many computers or mobile phones as possible, so that they can maximize malware penetration. There are three main ways in which this can be achieved:

Via Social Engineering

Infecting a system without the user's knowledge

A combination of both of these methods

In addition, the malware creator will often take steps to prevent the infection from being detected by antivirus programs.
