CryptoLocker computer virus is real and nasty. Beware!


There’s a very nasty computer virus called CryptoLocker that targets computers running Microsoft Windows.

First surfacing in September 2013, the virus may be disguised as a legitimate email attachment. Other viruses simply delete your files, which leaves open the possibility of some file recovery. When you open the CryptoLocker attachment, however, it will securely encrypt your files using a special private key.

When your computer’s been infected by CryptoLocker, you’ll see a message like this:


Recovery of your files is impossible without CryptoLocker’s encryption key that they’ll give you only in exchange for a ransom payment.

That is why CryptoLocker is called a ransom malware.

The ransom must be paid by a stated deadline through either Bitcoin or a pre-paid voucher.

Although the CryptoLocker virus itself is readily removed, the files in your computer remain encrypted until you pay the ransom. Many say that the ransom should not be paid, but do not offer any way to recover files. To make things worse, paying the ransom is no guarantee that your files will be decrypted and restored to you. Other malware has employed similar tactics in the past, but CryptoLocker’s encryption is much more secure and is currently not possible to crack.

The steps to guard against CryptoLocker are the same good practices that should be employed to guard against any malware attack or hardware failure:

1. Make sure you’re using antivirus software and that it’s kept up to date. Thankfully, most antivirus applications can now detect and remove CryptoLocker, but they are only of use if they catch it before the encryption occurs.

2. Make sure that you regularly back up all your data. These backups should be in a form that’s disconnected from your computer by using an external USB drive that you don’t keep permanently connected to your computer. CryptoLocker will seek out any connected USB drives and network shares, and attempt to encrypt those files, too. This can also apply to files being synced to Cloud services, although you should often be able to retrieve previous, and therefore unencrypted, versions of these files via the Cloud service provider. Users of Windows starting with XP Service Pack 2 may also be able to retrieve previous (and therefore unencrypted) versions of their files, by right-clicking on an encrypted file and selecting “Properties,” then “Previous Versions.”

3. Email is CryptoLocker’s primary mode of attack, so avoid opening any email attachments from untrusted sources or that appear in any way suspicious. This should include attachments sent from banks or financial institutions and, particularly in the case of CryptoLocker, from courier companies or from Companies House.

4. Make sure the email scanning feature of your antivirus software is configured and enabled.
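
An added example, not part of the original post: the backup advice in step 2 has a catch, because a scheduled backup or sync that runs after infection can replace good copies with encrypted ones. This Python sketch checks a folder before it is backed up and reports when too many files look encrypted. The thresholds, extension list and function names are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds for this sketch; tune them on your own data.
ENTROPY_LIMIT = 7.5      # bits per byte; encrypted data sits close to 8.0
MIN_SAMPLE = 1024        # entropy says nothing useful about very short files
MAX_SUSPECT_RATIO = 0.3  # share of suspect files above which the backup is held
# Compressed formats are high-entropy even when healthy: check their magic bytes.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}

def shannon_entropy(data: bytes) -> float:
    counts = Counter(data).values()
    return -sum(n / len(data) * math.log2(n / len(data)) for n in counts)

def looks_encrypted(path: Path) -> bool:
    with path.open("rb") as fh:
        head = fh.read(65536)
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        return not head.startswith(magic)  # known format lost its header
    return len(head) >= MIN_SAMPLE and shannon_entropy(head) > ENTROPY_LIMIT

def check_before_backup(source: Path):
    """Return (safe, suspects); safe is False when too many files look encrypted."""
    files = [p for p in sorted(source.rglob("*")) if p.is_file()]
    suspects = [p.name for p in files if looks_encrypted(p)]
    safe = not files or len(suspects) / len(files) <= MAX_SUSPECT_RATIO
    return safe, suspects

def demo():
    """Constructed sample: a healthy folder, then two files replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("meeting notes, nothing secret\n" * 200)
        (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + os.urandom(4096))
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + os.urandom(4096))
        before = check_before_backup(root)
        for name in ("notes.txt", "report.pdf"):
            (root / name).write_bytes(os.urandom(4096))  # stands in for ciphertext
        after = check_before_backup(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

When the check returns `safe` as False, keep the previous backup untouched and investigate before letting the backup or sync job run.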

PCAdvisor suggests that you check right now whether CryptoLocker has found its way onto your PC by downloading and running Malwarebytes Anti-Malware. This will scan for the Trojan and remove it for you if discovered.

I have Malwarebytes Anti-Malware, one of three antivirus programs I use. Malwarebytes is free. In fact, it’s running a quick scan on my laptop right now.

Sources: PCAdvisor, Wikipedia

H/t FOTM’s joandarc


11 responses to “CryptoLocker computer virus is real and nasty. Beware!”

  1. Thank you for the warning, Dr. Eowyn. That is one seriously dirty trick!


  2. For cyber-criminals such as these, I think the Islamic punishment of cutting off a hand is an excellent idea whose time has come! Good thing I’m a Christian, or I might come up w/something more severe, such as beheading…. Hey, I’m SERIOUS on this! Enough is enough: this is global Internet terrorism, IMO. Imagine holding millions hostage to this nonsense, and you’ll get my point.


  3. These people are beyond disgusting! May they each and every one be plagued with terminal diarrhea. Diarrhea so ghastly that they don’t have enough time off the toilet to dink around coming up with stuff like this.


  4. Reblogged this on crypticpunk [krip-tik] [puhngk] and commented:
    Freddy’s Note: This is a serious threat. The encryption they are using is serious and probably only the NSA could decrypt it.


  5. And the hits just keep on coming…

    “Cryptolocker Ransomware Evolves to Spread on Its Own,” by Paul Wagenseil, Tom’s Guide via Yahoo! News, 3 Jan 2014

    It’s become a worm that “can now propagate itself, rather than relying on gullible humans to open infected email attachments or point their browsers at corrupted Web pages.”


      • As I wrote above: “Enough is enough: this is global Internet terrorism, IMO. Imagine holding millions hostage to this nonsense, and you’ll get my point.”

        How much worse does this have to get before MEANINGFUL action is taken? I’m serious about cutting off their hands, and maybe do as the Shah of Iran did to end heroin trafficking: execute the dealers by firing squad, shown on state TV w/the news. A year later and surprise! No more heroin, no more dealers!

