
Windows 7: Crypto Locker ransomware

13 Sep 2013   #1

64-bit Windows 8.1 Pro
Crypto Locker ransomware

I heard reports of a new piece of malware that is going around. This one is particularly nasty. It encrypts all of the data on your drive and mapped network drives with an RSA 256 bit AES key. Once encrypted, there is no way to decrypt it. The only way to get the files back is from an off-site backup (because if the backup drive is local it also gets encrypted) or to actually pay them the money, after which they apparently decrypt your data.

Crypto Locker ransomware-crilock.png

Source... Crypto Locker - Virus, Trojan, Spyware, and Malware Removal Logs

Play it smart ... make regular backups of your system!!!

13 Sep 2013   #2

Win7 Ultimate X64

WOW, just read up on this and it's a nasty piece of kit. Just unplugged my RAID NAS before leaving the office for the weekend.
13 Sep 2013   #3
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10

Quote: Originally Posted by Tews
Play it smart ... make regular backups of your system!!!

Backup Complete Computer - Create an Image Backup

23 Oct 2013   #4

Windows 7 Ultimate

My brother got this horrible virus at work and not only he but also a few other guys, it seems it was a targeted attack or something. Really scary stuff. For those who have the same problem, I recommend using Shadow Explorer.

ShadowExplorer - Recover Lost Files and Folders

Remove CryptoLocker virus and restore encrypted files

By the way, they were using fully updated antivirus software that didn't help. So, you may also want to use this tool:

CryptoPrevent | Computer Technician - PC Repair Software |Foolish IT LLC

26 Oct 2013   #5

Win 7 x64

I created a video describing some possible steps you can take to help prevent getting the CryptoLocker virus. It seems like most people infected get it through an email attachment which looks like a pdf. You can also mitigate the harm it does by having a good backup not connected to your PC as described in the previous posts in this thread. I got the info from the bleepingcomputer website's writeup on this virus.

Link to website: CryptoLocker Ransomware Information Guide and FAQ

12 Nov 2013   #6

Windows 7 Pro x64 SP1

As has been said so many times. BACKUP BACKUP BACKUP.

You can never have enough backups. Image backups are really important in cases like this.

14 Nov 2013   #7

Windows 7 Home Premium x64

And how much you want to bet that the people who do pay don't get their files unlocked?
14 Nov 2013   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1

You may be interested in what (Grinler) Lawrence Abrams has to say...

Soaring Bitcoin prices hurt the wallets of users paying CryptoLocker ransoms - News
And this

the crooks behind this scam began easing their own rules a bit to accommodate victims who were apparently willing to pay up but simply couldn’t jump through all the hoops necessary in the time allotted.
“They realized they’ve been leaving money on the table,” Abrams said. “They decided there’s little sense in not accepting the ransom money a week later if the victim is still willing to pay to get their files back.”
16 Nov 2013   #9

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1

What are the known spread methods for getting this virus in the first place?

Running a big executable that does all the dirty work that was disguised or part of something else a user wanted?
16 Nov 2013   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1

How do you become infected with CryptoLocker
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
source: CryptoLocker Ransomware Information Guide and FAQ