Cryptolocker is another gross piece of ransomware that extracted around $3B from its victims. Let’s see how it works and how to prevent it.
Cryptolocker is a type of malware that encrypts files on your device and network and holds them for ransom.
Cryptolocker was especially prevalent between September 2013 and May 2014. It extorted around $3B. This piece of malware was taken down via Operation Tovar. During this operation, a security company obtained the Cryptolocker keys database and developed an online tool that helped victims decrypt their files without paying the ransom.
However, even though Cryptolocker is no longer a threat, ransomware attacks have been prevalent in the last few years and have caused great damage. New forms of ransomware have emerged that rely more on targeted attacks than on a wide distribution model.
Cryptolocker belongs to the ransomware family of malware. It used a trojan to infect Windows devices. Cybercriminals spread this malware via phishing emails and by using the existing Gameover ZeuS botnet. Users usually contracted it by opening seemingly innocent email attachments.
Once activated, Cryptolocker behaves like other types of ransomware: it scans your system for valuable files and then encrypts them using asymmetric encryption. This two-key system encrypts the files with a public key, while the cybercriminal holds the private decryption key. The victim then gets a message demanding a certain amount of money to decrypt the files.
When asymmetric encryption is used for legitimate purposes, the recipient shares a public key that anyone can use to encrypt data for them and keeps the matching private key to decrypt it. In the case of Cryptolocker, the cybercriminals own both the public and the private keys, so the victim never holds the key needed for decryption. That is why it is really difficult to crack files encrypted by Cryptolocker.
Here are a few signs of a possible Cryptolocker attack:
While security software can help you to discover ransomware early in the process, it is pretty difficult to identify such malware in its later stages. Usually, you need qualified security professionals to detect ransomware in its advanced stages.
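One heuristic a defender can apply to the file-encryption behavior described above, shown as an added example that is not from the original article: flag files whose extension promises a known format but whose header is gone and whose bytes read as random. The magic-byte table, the 7.5 bits-per-byte threshold and all function names are assumptions made for this sketch.

```python
import hashlib
import math
import os
from collections import Counter

# Leading "magic" bytes expected for a few common file types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a known file type has lost its header and reads as random bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False  # unknown type: no baseline for this heuristic
    if data.startswith(magic):
        return False  # header intact; compressed formats are high-entropy anyway
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def suspicious_files(files):
    """Return the sorted names in a {name: content} mapping that look encrypted."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d))

def _random_like(n: int) -> bytes:
    """Deterministic high-entropy filler for the constructed samples below."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample inputs, not real files.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"Quarterly report text. " * 200,
    "photo.jpg": b"\xff\xd8\xff\xe0" + _random_like(4096),  # compressed image stand-in
    "budget.xlsx": _random_like(4096),                      # stand-in for ciphertext
    "notes.pdf": b"plain text saved with the wrong extension " * 50,
}

if __name__ == "__main__":
    print(suspicious_files(SAMPLES))
```

Entropy alone would also flag the intact JPEG, which is why the header check comes first; a sudden rise in the number of flagged files across a share is the signal worth alerting on.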
It’s difficult to remove Cryptolocker yourself — to do so, you need antivirus software to locate the malware and root it out. However, when Cryptolocker is active, and you have already seen a ransom note, you cannot do much.
Here are our tips on how to remove malware from various operating systems:
Here are a few tips on how to prevent Cryptolocker and other similar ransomware: