Did a window suddenly appear on your screen with a red background and the message “Your personal files are encrypted!”? That is the ransom note of a Cryptolocker infection. It tells you to pay a certain amount of money within a time limit, or the private key needed to decrypt your files will be destroyed and the data will be lost for good.
At first, this message seems to leave you with no other choice but to pay what Cryptolocker demands. However, in many cases you can recover your files without paying anything, from backups or from Windows shadow copies, and remove the Cryptolocker malware from your system. All you have to do is follow a couple of important steps.
Learn More About The Cryptolocker Virus
In order to remove Cryptolocker from your system, it helps to understand how it operates and attacks. Your computer has been hit by a ransomware program that encrypts your data with a combination of AES and RSA: each file is encrypted with an AES key, and that key is in turn encrypted with an RSA public key whose private half never leaves the attackers' server. It mainly arrives by email, in messages forged to look as though they come from a legitimate, harmless sender. Cryptolocker attacks all versions of Windows, and because the private key is the only way to recover the per-file AES keys, it uses this design to convince users they must purchase it.
The emails carrying the malware usually look official and claim to contain a scanned document or an invoice. The attachment is typically a .zip holding an executable disguised as a PDF, with a double extension such as .pdf.exe; since Windows hides known extensions by default, the file appears to be a PDF. Opening that “document” runs Cryptolocker, which then starts encrypting your files while leaving their names and extensions unchanged. Knowing which file types are targeted helps when triaging and restoring encrypted data. Here is the list of extensions you should keep in mind:
“.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt”
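Because Cryptolocker leaves file names and extensions untouched, the extension list alone does not tell you which files were actually hit. The script below is an added example (not code from the original article): it walks a folder and flags files of the targeted types whose first bytes no longer match the format they claim to be, using standard file signatures for a subset of the extensions above. The starting folder in `$Root` is an assumption; adjust it to the data you need to triage.

```powershell
# Added example, not from the original article: find files of the targeted types whose
# contents no longer match the file format they claim to be. Cryptolocker kept file names
# and extensions unchanged, so the only way to tell an encrypted .docx from an intact one
# is to look inside it. $Root is an assumed starting folder; adjust as needed.
param(
    [string]$Root = "$env:USERPROFILE\Documents"
)

# Standard leading bytes ("magic numbers") for a subset of the targeted extensions.
# Formats without a fixed header (.txt, .csv, .sql, ...) cannot be checked this way.
$Signatures = @{
    '.docx' = '50 4B 03 04'; '.xlsx' = '50 4B 03 04'; '.pptx' = '50 4B 03 04'; '.zip' = '50 4B 03 04'
    '.doc'  = 'D0 CF 11 E0'; '.xls'  = 'D0 CF 11 E0'; '.ppt'  = 'D0 CF 11 E0'
    '.pdf'  = '25 50 44 46'             # %PDF
    '.jpg'  = 'FF D8 FF'; '.jpeg' = 'FF D8 FF'
    '.png'  = '89 50 4E 47 0D 0A 1A 0A'
    '.rar'  = '52 61 72 21 1A 07'       # Rar!
    '.7z'   = '37 7A BC AF 27 1C'
    '.psd'  = '38 42 50 53'             # 8BPS
    '.pst'  = '21 42 44 4E'             # !BDN
}

# Read the first $Count bytes of a file as a space-separated hex string. Opening with
# ReadWrite sharing lets us read files that another program still has open.
function Get-HeaderHex([string]$Path, [int]$Count) {
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $buf = New-Object byte[] $Count
        $n = $fs.Read($buf, 0, $Count)
        if ($n -lt $Count) { return '' }            # shorter than its own header: not intact
        return (($buf | ForEach-Object { $_.ToString('X2') }) -join ' ')
    } finally {
        $fs.Dispose()
    }
}

$suspect = foreach ($f in Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue) {
    $ext = $f.Extension.ToLower()
    if (-not $Signatures.ContainsKey($ext)) { continue }
    $expected = $Signatures[$ext]
    $actual   = Get-HeaderHex $f.FullName (($expected -split ' ').Count)
    if ($actual -ne $expected) {
        [pscustomobject]@{
            Path      = $f.FullName
            Expected  = $expected
            Actual    = $actual
            LastWrite = $f.LastWriteTime
        }
    }
}

$suspect | Sort-Object LastWrite | Format-Table -AutoSize
"{0} file(s) under {1} do not match their format header" -f @($suspect).Count, $Root
```

Run it from an elevated PowerShell prompt once the malware has been stopped; the output is a list of files that need restoring, sorted by modification time, which also helps establish when the encryption ran. A file that fails the check is not necessarily encrypted (it may simply be corrupt or mislabelled), but an intact Office document, PDF or image will always pass it.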
Cryptolocker is also distributed through malicious or compromised websites, and by tricking users into installing it manually as a supposed update for Windows. After encrypting the files, Cryptolocker demands $300 and warns that the private key will be destroyed after 72 hours, after which the files can no longer be decrypted.
How To Remove Cryptolocker After Your System Has Been Infected?
Disconnect your computer from the network immediately: unplug the cable and switch off Wi-Fi. Cryptolocker encrypts every drive it can reach, including network shares, and it has to contact the attackers' server to obtain its public key before it can start, so cutting the connection stops further encryption and keeps whatever is still intact that way. Next, remove the malware using a reputable anti-malware tool; a free scanner will do, and a licensed (paid) antivirus program works just as well.
Afterwards, disconnect any USB storage devices and pause cloud backup or sync clients. Removable and mapped drives are encrypted along with everything else, and a sync client will happily upload the encrypted versions over the good copies it holds online. If you have the technical skills, look for the malware's persistence: Cryptolocker adds a value to the user's Run registry key that launches a randomly named executable from %AppData%. Terminate that process tree and remove the entry before deleting the files.
You should also report your case to a cybercrime reporting point and let them know you are a victim of Cryptolocker ransomware. This way, you will most likely get professional help and valuable advice.
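The containment and clean-up steps above, as an added example script rather than the article's own instructions. It reports autorun entries and running processes that execute from user-writable folders (the pattern Cryptolocker used), dumps the list of encrypted files that public analyses of the 2013 samples report under HKCU\Software\CryptoLocker\Files, and, only when run with `-Contain`, disables the network adapters, stops common cloud-sync clients and kills the suspicious processes. The sync-client process names are examples, and the registry key names are taken from those published analyses; a variant that stores nothing there simply yields an empty list.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: first-response script for a suspected
# Cryptolocker infection. By default it only reports. With -Contain it also disables
# the network adapters, stops cloud-sync clients and kills the suspicious processes.
param(
    [switch]$Contain
)

if ($Contain) {
    # Off the network first: no more encryption of shares, no further contact with the
    # attackers' server. (Windows 8/2012 and later; on Windows 7 use
    # "netsh interface set interface <name> disable" or simply unplug the cable.)
    Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
    # Pause sync clients so encrypted copies are not uploaded over the good ones.
    # Process names are examples; add whatever client is installed.
    Get-Process -Name OneDrive, Dropbox, GoogleDriveFS -ErrorAction SilentlyContinue | Stop-Process -Force
}

# Cryptolocker ran from a randomly named .exe in %AppData% and persisted through a Run key.
# Anything autorunning or executing from these user-writable folders deserves a look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
$pattern = '^(' + ($userWritable -join '|') + ')'

function Get-SuspiciousAutorun {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata, not a Run value
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value).TrimStart('"')
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

function Get-SuspiciousProcess {
    Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $pattern } |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
}

# Public analyses of the 2013 samples report that Cryptolocker recorded every file it
# encrypted as a value name under HKCU\Software\CryptoLocker\Files (later builds used a
# suffixed key such as CryptoLocker_0388), with '\' in each path written as '?'.
function Get-CryptoLockerFileList {
    Get-ChildItem 'HKCU:\Software' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'CryptoLocker*' } |
        ForEach-Object {
            $files = Join-Path $_.PSPath 'Files'
            if (Test-Path $files) {
                (Get-Item $files).GetValueNames() | ForEach-Object { $_ -replace '\?', '\' }
            }
        }
}

$autoruns  = @(Get-SuspiciousAutorun)
$procs     = @(Get-SuspiciousProcess)
$encrypted = @(Get-CryptoLockerFileList)

"Autorun entries launching from user-writable folders: $($autoruns.Count)"
$autoruns | Format-Table -AutoSize
"Running processes from user-writable folders: $($procs.Count)"
$procs | Format-Table -AutoSize
"Files recorded in the Cryptolocker registry key: $($encrypted.Count)"
$encrypted | Set-Content -Path "$env:USERPROFILE\Desktop\cryptolocker-files.txt"

if ($Contain) {
    # Kill the suspicious processes, then remove their autorun entries so they cannot
    # come back at the next logon.
    $procs | ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue }
    $autoruns | ForEach-Object { Remove-ItemProperty -Path $_.Key -Name $_.Name }
}
```

Review the report before running with `-Contain`: legitimate updaters occasionally autorun from %ProgramData% or %LocalAppData%, so confirm each entry (publisher, file age, random-looking name) rather than deleting blindly. The file list written to the desktop tells you exactly what to restore later.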
Restore The Encrypted Files
Once Cryptolocker has processed a file, the readable original is gone from its normal place. Reports differ on whether it overwrites files in place or writes an encrypted copy and deletes the original; file recovery (undelete) software can only help in the latter case, and only while the freed disk space has not been reused, so run such tools from another drive or against a disk image rather than installing them on the affected volume. A far more reliable route is Windows' Volume Shadow Copy service: if System Protection was enabled, earlier versions of your files may still exist in shadow copies, reachable through the Previous Versions tab or a tool such as ShadowExplorer. Note that System Restore by itself only rolls back system files and the registry; it does not bring back personal documents.
Right-click the file or folder you want to recover and choose Properties. The Previous Versions tab lists the versions saved in shadow copies, by date. Pick a version from before the infection and click Copy... to copy it to a safe location (preferably another drive), or Restore... to overwrite the current, encrypted copy. Restoring whole folders at once is what ShadowExplorer adds (next section).
Make sure the malware is gone before you restore anything, or the recovered files will simply be encrypted again: start Windows in “Safe Mode with Networking” (so you can still download tools) and end any malicious running processes first. A single anti-malware product may also miss some components, so scan the drive with a second, different anti-malware solution as well.
Restore Multiple Files At Once
ShadowExplorer lets you restore many files and folders from a shadow copy in one go; it does not decrypt anything, it simply reads the older versions that the shadow copy preserved. Start by selecting the drive and the shadow copy date and time (one from before the infection). Next, choose the folders and files you want to restore and select Export, pointing it at a location on a clean drive.
Some files and folders may have no usable previous version, but be patient and restore as many as possible. Otherwise, paying the $300 ransom may look like the only option left; keep in mind that paying funds the criminals and comes with no guarantee that a working key will ever be delivered.
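Both the Previous Versions tab and ShadowExplorer read the same snapshots, so the whole job can also be scripted with built-in tools. The following is an added example (not from the original article or from ShadowExplorer): it lists the shadow copies of a volume through WMI, picks the newest one taken before a given time, exposes it through a directory symlink and copies a folder out with robocopy. The volume letter, the folder under `Users\alice\Documents` and the destination drive `E:` are assumptions; the destination must be a separate, clean drive so that nothing is written back onto the affected volume.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: restore a whole folder from a Volume Shadow
# Copy with built-in tools (WMI + mklink + robocopy) rather than ShadowExplorer's GUI.
# Assumptions: the affected volume is C:, a snapshot older than the infection still exists,
# and $Destination is on a separate clean drive so nothing is written back onto C:.
param(
    [string]$Drive       = 'C:',
    [string]$Folder      = 'Users\alice\Documents',   # relative to the volume root (assumed)
    [string]$Destination = 'E:\restore\Documents',    # assumed clean drive
    [datetime]$Before    = (Get-Date)                 # take the newest snapshot older than this
)

# Shadow copies of one volume, newest first. DeviceObject is the same
# \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN path that Previous Versions and ShadowExplorer read.
function Get-ShadowCopy([string]$Letter) {
    $volumeId = (Get-CimInstance Win32_Volume -Filter "DriveLetter='$Letter'").DeviceID
    Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volumeId } |
        Sort-Object InstallDate -Descending |
        Select-Object InstallDate, DeviceObject
}

$snapshots = @(Get-ShadowCopy $Drive)
if ($snapshots.Count -eq 0) { throw "No shadow copies exist for $Drive; nothing to restore from." }
$snapshots | Format-Table -AutoSize

$snap = $snapshots | Where-Object { $_.InstallDate -lt $Before } | Select-Object -First 1
if (-not $snap) { throw "No snapshot older than $Before." }
"Restoring '$Folder' from the snapshot taken $($snap.InstallDate)"

# Most tools cannot open the device path directly, but a directory symlink to it works.
# The trailing backslash on the link target is required.
$parent  = Split-Path -Parent $Destination
$linkDir = Join-Path $parent 'shadow-link'
$log     = Join-Path $parent 'restore.log'
New-Item -ItemType Directory -Force -Path $parent | Out-Null
if (Test-Path $linkDir) { cmd /c rmdir "$linkDir" }
cmd /c mklink /d "$linkDir" "$($snap.DeviceObject)\" | Out-Null

try {
    # /E subfolders, /COPY:DAT data+attributes+timestamps, /XJ skip junctions,
    # /R:1 /W:1 do not stall on unreadable files. robocopy only reads from the source.
    robocopy (Join-Path $linkDir $Folder) $Destination /E /COPY:DAT /XJ /R:1 /W:1 /NP /TEE "/LOG+:$log"
    "robocopy exit code $LASTEXITCODE (values below 8 mean no failures; see robocopy /?)"
} finally {
    cmd /c rmdir "$linkDir"    # removes only the link, never the snapshot
}
```

Pass `-Before` as the time the encryption started (the modification times of the encrypted files give a good estimate) so the script does not pick a snapshot that already contains encrypted copies. Shadow copies live on the same volume and are silently discarded when their space fills up, so copy everything you need to the clean drive promptly, then open a sample of the restored files to confirm they are intact.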
How To Defend Against Cryptolocker
It goes without saying that you should always keep your antivirus software updated and running. It detects many ransomware samples, though not all of them, so it pays to keep it current but not to rely on it alone. Furthermore, back up all valuable data you store on a hard drive, and keep at least one copy offline or versioned: any backup drive or sync folder that stays connected is encrypted along with everything else. Schedule regular routine backups, test a restore now and then, and you will always have a clean copy, whatever the situation. Because Cryptolocker ran from %AppData%, a Software Restriction Policy or AppLocker rule that blocks executables launching from %AppData% and %LocalAppData% stops it before it starts, and configuring Windows to show file extensions helps users spot the .pdf.exe trick in email attachments.
Lastly, you can contact us, at Inspired Techs, and we will do whatever it takes to guide you through the recovery process. We offer IT services of premium quality. Our experienced IT technicians are always ready to provide assistance in data security, networking, managed services, virtualisation, disaster recovery and much more.