Scams & Deception

Cryptolocker Malware Holds Computers Ransom for $300

A particularly nasty piece of malware known as Cryptolocker holds computer users’ data for ransom and demands $300 to restore the files.


This particular malware is spread in email attachments which claim to be from legitimate businesses. It may also be spread via drive-by downloads (that is, software installed by simply visiting a malicious link).

Once installed, Cryptolocker “locks” the files on the computer by means of encryption, and the files can only be unlocked using an encryption key. If the user does not pay the $300 ransom in the allotted time, the encryption key is deleted, and the files are essentially lost forever.

Cryptolocker installs itself in the “Documents and settings” folder on Windows computers and scans the hard drive for certain file types to encrypt. Once completed, the victim is shown a red warning screen with a ticking clock, displaying the time limit to pay the ransom, which is typically 72 to 100 hours.

The most common method for distributing Cryptolocker is via fake UPS, FedEx, or DHL tracking emails, using attachments disguised as PDF files. (See here and here for examples of such fake emails.) Various other types of correspondence have been used, but they always include an email attachment.
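As an added example (not from the original article), here is one way a mail gateway or analyst could check whether an attachment that presents itself as a PDF really is one. The article does not say how the attachments are disguised, so the script assumes the disguise shows up as a mismatch between the file name and the file content; the function names, the extension list and the sample messages are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly (illustrative list, not from the article).
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
PDF_MAGIC = b"%PDF-"           # every real PDF starts with this header
EXE_MAGIC = b"MZ"              # Windows executable header
ZIP_MAGIC = b"PK\x03\x04"      # ZIP archive header

def attachment_findings(raw_bytes):
    """Return [(filename, reason), ...] for attachments that only pose as PDFs."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        exts = name.lower().split(".")[1:]
        claims_pdf = "pdf" in exts or part.get_content_type() == "application/pdf"
        if len(exts) >= 2 and exts[-1] in RISKY_EXT:
            findings.append((name, "double extension ending in ." + exts[-1]))
        elif data.startswith(EXE_MAGIC):
            findings.append((name, "content is a Windows executable"))
        elif claims_pdf and data.startswith(ZIP_MAGIC):
            findings.append((name, "PDF name on a ZIP archive"))
        elif claims_pdf and not data.startswith(PDF_MAGIC):
            findings.append((name, "PDF name but no %PDF- header"))
    return findings

def build_sample(filename, payload, subtype="pdf"):
    """Build a constructed test message; sender, subject and payload are made up."""
    m = EmailMessage()
    m["From"] = "tracking@courier.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Your parcel tracking details"
    m.set_content("See the attached tracking document.")
    m.add_attachment(payload, maintype="application", subtype=subtype,
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("tracking_label.pdf", b"%PDF-1.4\n% constructed stub\n"),
        build_sample("tracking_label.pdf.exe", b"MZ" + b"\x00" * 16, "octet-stream"),
        build_sample("invoice.pdf", ZIP_MAGIC + b"\x00" * 16),
    ]
    for raw in samples:
        print(attachment_findings(raw) or "no findings")
```

A clean result only means the name and header agree; it says nothing about whether the PDF itself is safe to open.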

To avoid being tracked, the hackers behind Cryptolocker demand payment through anonymous methods, such as Bitcoins or Green Dot MoneyPak.

To date, there is no known protection against Cryptolocker once it has been installed and files have been encrypted. Malwarebytes suggests that a System Restore or other recovery methods may restore some files. It also lists file types targeted by Cryptolocker:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

International Business Times states that paying the $300 does get a valid key and will restore your files, while some on this forum state that it may not.

Bottom Line

Cryptolocker is a real threat. The best defense against Cryptolocker is to avoid opening unknown email attachments or clicking on links posted on social media websites. It’s also best to keep your data backed up regularly. Some anti-malware apps are designed to prevent malware from being installed before it can cause damage.

  • Teton Charles

    There is something called CryptoPrevent, from a web site called Foolish IT. It is designed to stop this and others like it from even getting to run.

    I’m installing it on some of the most vulnerable computers at work (I’m an IT guy). We use Symantec (SEP), and it is pretty lousy at stopping or finding new things.

    I also get those spam emails claiming to be from UPS, FedEx, Facebook, the FBI and others. I put the attachments in a restricted folder on our file server. Usually it takes the SEP nightly scan about 2 to 3 weeks to figure out that there is a bug in there and “clean it”. A couple have sat in there for over a month.

    We’ve had stuff slip past SEP many times. We’re currently looking at competing products.


Copyright © 2008-2016, Inc. Theme by MVP Themes, powered by Wordpress.