Severity scale  
  (100/100)

CryptoLocker. How to Remove? (Uninstall Guide)

removal by - -   Also known as Crypto Locker | Type: Ransomware
12

No more CryptoLocker: the initial version is gone, but modified versions emerge one after another

CryptoLocker virus is a malicious cyber threat, which is categorized as ransomware Trojan. The threat was first spotted in 2013 and has been defeated in 2014 [1] when a group of researchers shut down Gameover Zeus botnet [2] which has been distributing malware until the fateful day. However, although this ransomware project is no longer active, it does not mean that its authors sit tight and do nothing. They are involved in various other ransomware projects; besides, CryptoLocker ransomware became a model of a powerful ransomware and therefore various other criminals started to create similar viruses, e. g. Locky, and even ones that pose as CryptoLocker. There is no surprise why his example of malware has inspired hundreds of criminals to start their own crime-related projects - CryptoLocker reportedly gathered more than 3 million dollars from victims who paid ransoms. Although the virus is no longer active, let's take a look at its modus operandi.

The main way used to spread it relies on seemingly harmless email messages. These messages typically contain malicious attachments, which carry the ransomware payload. When the victim opens it, the virus attacks the target PC system, encrypts victim's files and displays a ransom note, which is displayed below. No matter that it belongs to the same category as FBI virus, Police Central e-crime Unit virus or Department of Justice virus, this virus tries to convince its victims that they have to pay a ransom by encrypting their personal files. Cryptolocker [3] is the file-encrypting ransomware, so it uses RSA public-key cryptography to lock the following file types on victim's PC:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

As you can see, this list is full of widely used files names, such as doc, xls and similar. In order to restore them, it asks to pay a ransom via Moneypak, Ukash, cashU, or Bitcoin. Typically, this threat asks from $100 to $500, but the price can be bigger as well. According to the warning message, which is typically displayed by this threat, people have only a certain amount of time to pay a ransom and recover the connection to their files. The virus leaves the so-called ransom note, which showcases such information:

Your personal files are encrypted!

Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this.

Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files...

To obtain the private key for this computer, which will automatically decrypt files, you need to pay [specified amount of money in EUR or USD] similar amount in another currency.

Click To select the method of payment and the currency. 

Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.

Fortunately, Cryptolocker can not harm those who have been backing up their data and making extra copies of their files. If you have copies of your photos, business documents, and other files, you don't need to pay a ransom. You just need to remove this ransomware from your computer and prevent the additional damage. For Cryptolocker removal, we highly recommend using Reimage, which has been showing great results when eliminating files of this virus. For restoring your files, we kindly ask you to read data recovery options provided below the article.

However, it seems that frauds have decided to ease the rules for victims who choose to pay the ransom but simply cannot gather the fixed amount of money within the specified amount of time. Typically, when the anti-virus software deletes the ransomware, the victim can no longer pay the ransom. Therefore, the latest versions of CryptoLocker have a new feature to change the desktop's wallpaper when the anti-virus detects the threat and display a message on the screen informing the victim where to download the ransomware again in case he or she still wants to buy the decryption software. Although we highly recommend not to pay the ransom, we understand that some companies might not be able to survive without specifical data that has been stored on the compromised computers, so in such cases, paying the ransom might be the only chance to evolve the business. Again, we remind you that we do not recommend paying up. Keep in mind that you can never be sure whether criminals provide working decryption tools!

 

Cryptolocker

Methods used to distribute CryptoLocker virus

CryptoLocker is considered as one of the most efficiently distributed crypto-ransomware viruses and, speaking of its distribution, we have to say that authors of this virus combine several different techniques to spread the virus. [4] It has been noticed that they use both old and new distribution techniques, failing to comply with any moral norms. According to experts, Cryptolocker virus is spread using officially-looking emails, fake pop-ups, and similar techniques. Earlier, CryptoLocker ransomware has been distributed via hideous email letters that contained malicious attachments, malware-laden ads, which advertise programs or updates that actually contain the virus executive file, or exploit kits, which allowed crooks to infect victims' PCs by exploiting their computers' vulnerabilities. Beware that this threat can infiltrate your computer thru fake pop-up that claims that you need to update your Java, Flash Player or similar program, so make sure you install these programs from their verified developers' sites, not from some suspicious third-party sites.

On September 2016, several new ransomware distribution techniques have been spotted. The first one is based on malicious emails posing as letters from electricity supplier VERBUND. This company is not related to these scammers in any way - they just use a reputable company's name to convince users to click on malicious links or open infectious email attachments containing CryptoLocker. The message subject is Detailaufstellung zu Rechnung Nr. [numbers]. If you have received such letter, delete it immediately without clicking on links included in the message or opening attachments it contains! 

The second ransomware distribution method that has been discovered is a filthy and hideous way to trick the user and force him or her to open the malicious file containing the virus. Scammers pose as employees of health care companies and send deceptive emails that can cause a heart attack for the victim. They deliver a bogus blood test report, stating that the victim might be suffering from cancer due to the lack of white blood cells. The message asks to print out the blood test results that are in an attached document and bring these to the family doctor ASAP. Such news can make anyone panic, and force to open the attached document without even thinking that this is just a bait. When the miserable victim opens the attachment, the ransomware takes control over the system and encrypts all victim's files without any remorse. As you can see, cyber criminals can go very low because all they care about is money.

Tips on how to protect your data from being encrypted by ransomware:

If you want to stay safe, you should never trust misleading ads that pretend to be helpful because the only thing what they do is spread viruses and useless programs. Also, make sure you delete spam and double check every email that was sent to you by unknown senders. Besides, don't forget to disable hidden extensions (if you are using Windows OS) [5] and, to avoid the loss of your files, you should think about their protection. The first thing that you should do is to download a reputable anti-spyware on your computer. We recommend using Reimage. In addition, make sure you perform backups as frequently as possible because this could help you to recover your encrypted files. Finally, you should use such solutions as Google Drive, Dropbox, Flickr, etc. when trying to protect your extremely important files. However, keep in mind that this powerful virus might be able to access these online storage places via your Internet connection and encrypt these files, too. Therefore, it is recommended to store data backups on removable storage devices such as hard drives or USBs. Unfortunately, if you are infected with this ransomware right now, you should know that there is no official Cryptolocker decrypt tool yet. Nevertheless, you can check the guide given on the second page of this post and recover your files with some special tools. Don't forget to remove ransomware before recovering your files because it may disable them again!

CryptoLocker suggests its download link again in case the victim wants to pay the ransom

Malware that are related to this virus or pretends to be related to it:

Crypt0L0cker virus is one of file-encrypting ransomwares that are capable of infiltrating computers thru fake Java updates or thru infected email attachments. After encrypting victim's files, this virus adds ".encrypted" extension to each of them and starts showing a warning message, which asks to pay the ransom. This virus can also be called an improved Torrentlocker's version. Please, do NOT pay the ransom for the developers of this threat and use a guide below to fix your computer.

CryptoLocker-v3. When infected with this ransomware (you can download it after clicking on the fake popup that says that you need to update your Java or Flash Player), you can expect that it will block the most of your files. For encrypting the files, this threat uses RSA-2048 (a unique public key) and asks to pay 1 BTC, which is equal to $350 USD. Making this payment is equal to supporting the scammers and their future crimes, so you should never do that.

Cryptographic Locker is very similar to CryptoLocker ransomware. It shows for the victim what files were encrypted and asks to pay 0.2 BTC in exchange for the decryption key that is needed for recovering files. This ransom is equal to $100. Please, do NOT pay the fine because there is no guarantee that this will help you to recover the connection to your files. Instead of doing that, you should use a guide below.

PCLock ransomware is a dangerous threat that asks to pay 1 bitcoin (or $300) in 72 hours for unblocking the files. Fortunately, it is not as aggressive as the original CryptoLocker version, so you should be capable of eliminating it with the help of a guide below. After that, you should use this decryption tool that has been invented for unblocking encrypted files.

CryptoTorLocker2015 is capable of infecting not only Windows OS. It can also infiltrate Android OS and block the device. If this device is filled with precious photos or business documents, you can lose them. Fortunately, uninstalling affected application, which was used for downloading CryptoTorLocker virus to your computer can help you to remove this virus from your device. Also, you should use backups of your files to start using them again.

Crypt0 ransomware. Discovered in September 2016, this new ransomware variant also attempts to use a part of CryptoLocker's name to seem scarier than it is. This version appends _crypt0 suffix after the original file name, while other viruses add the extension after the original file extension. This ransomware leaves HELP_DECRYPT.TXT ransom note, which informs the victim about the attack and asks to contactfndimaf@gmail.com for data decryption instructions. The virus is a foolish copy of CryptoLocker and can be decrypted using this free Crypt0 decryption tool.

Il tuo computer e stato infettato da Cryptolocker! ransomware This virus is yet another version of CryptoLocker, searching for Italian-speaking computer users. This version of ransomware asks for a smaller ransom than other Cryptolocker-related viruses - "only" 130 Eur. However, that does not mean that victims should pay the ransom. Just like its predecessor, this ransomware gives the victim a specified amount of time to pay up, and states that after the given lapse of time passes, decryption key becomes inaccessible. Currently, malware researchers keep silent as there is no free Il tuo computer e stato infettato da Cryptolocker decryption tool available; however, such tool might show up in the future.

CryptoLocker 5.1 ransomware virus. The ransomware has been released quite recently. Since it mainly targets Italian Internet users, it has been alternatively known as Il tuo computer e stato infettato da Cryptolocker! threat. Though it attempts to disguise under the name of notorious cyber menace, IT experts still suspect that it is not so powerful as the original version. Speaking of the current virus, it demands 250€ in exchange to the locked data. The transaction is expected to be made within 48 hours. Brush aside any thoughts to transfer the money and concentrate on the elimination.

Cryptolocker3 ransomware virus is a malicious ransomware virus inspired by the original CryptoLocker version and tries to pose as this well-known ransomware on the infected computers. The virus belongs to the imposter-type category of viruses which have been growing popular over the last couple of months. One sub-section of these imposter viruses are called lock screen ransomware [6] which do not actually encrypt the computer files but prevents the victims from accessing and using the regular computer functions. Unfortunately, Cryptolocker3 belongs to the other sub-section in which malware imitate the appearance and behavior of the original ransomware versions [7]. This parasite encrypts files using complex encryption and appends them with .cryptolocker extensions. There is currently no safe decryption tool for the locked files, but we can assure you that the experts are working on it actively and you can expect your files to be decrypted in the future. In the meanwhile, banish this parasite from your computer without delay.

CryptoLockerEU ransomware virus. CryptoLockerEU virus has been detected in January of 2017, and it appears to be a modified copy of the initial CryptoLocker malware virus. The virus calls itself "CryptoLockerEU 2016 rusia," which gives an idea that it has been developed in 2016. During the data encryption procedure, the virus encodes files using a RSA-2048 algorithm and gives each file a new extension, which looks like this: .send 0.3 BTC crypt. The virus attempts to name the ransom note РАСШИФРОВАТЬ ФАЙЛЫ.txt but fails so the ransom note appears as ĐŔŃŘČÔĐÎ ŔŇÜ ÔŔÉËŰ.txt due to an error in virus' source code. Currently, files cannot be decrypted. Victims should use backups or wait for free decryption programs that malware researchers might release soon.

CryptoLocker removal explained:

Please, do NOT pay a fine because this doesn't guarantee that you will receive a key required for files' decryption. In order to remove CryptoLocker virus from the system, you need to scan your computer with Reimage or PlumbytesWebroot SecureAnywhere AntiVirus. If your anti-spyware or anti-malware tool does not start because the ransomware is blocking it, you need to follow CryptoLocker removal instructions that are provided at the end of this post. You can also find informative data recovery instructions down below.

FREQUENTLY ASKED QUESTIONS (FAQ)

Question. My PC has been infected by Cryptolocker ransomware. The infection has also affected my sd memory card in which I've stored important picture. I'm reading now a notification saying that I have a certain amount of time to pay the ransom, but there is no specific period indicated. Does anybody know how long files remain available to recover after they are affected by ransomware?

Answer. We feel responsible for answering your question ASAP to warn all people in advance. Paying the money for the Cryptolocker decryption key is a huge mistake which can result in money and data loss. So, please, don't risk that much. The first thing that you have to do after receiving a ransomware notification is to run a full system scan with a reputable anti-spyware (the list of the is given below) and remove Cryptolocker virus ASAP. After that, check whether your files still cannot be accessed. In this case, install data recovery tool (e.g. Protorec, R-Studio) or use file backups.

Question. I've been hit by Cryptolocker virus twice! I suppose I was dealing with different versions. Nevertheless, could you please tell me how could I prevent this in the future? It's painful to pay $500 to these bastards. However, I had to do so since nothing else has helped. Please, advise.

Answer. It's a pity to hear that you have been attacked by ransomware twice. We assume that the reason for a repeated attack might be inappropriate Cryptolocker removal. Anyway, now you are asking how to protect your computer from this threat. Honestly, there is no hundred percent reliable method that would give you zero chances of getting infected with any ransomware. Nevertheless, there are several tips that we can give for you. 1. Stay away from illegal websites. 2. Do not open suspicious emails, especially those containing attachments. 3. Do not click on software update prompts that pop up on your screen out of nowhere. 4. Do not visit websites filled with adult content. 5. Finally, keep a reliable anti-spyware installed on your computer and update it regularly.

Question. I've just been browsing through the websites I regularly visit, and suddenly a pop-up window locked my screen stating that data stored on my computer has been encrypted and that I have to pay the ransom. Is this a joke or I have to pay $500 for getting rid of Cryptolocker?

Answer. Unfortunately, if the message that you've indicated has been brought by Cryptolocker ransomware, then it seems that your computer has been affected with ransomware. Probably you have already checked personal files stored on your computer and discovered that they are blocked. Nevertheless, you should NOT pay the ransom to get decryption code that is needed for unblocking locked files. Although some users claim that they have been provided with a decryption key after sending the money, no one can guarantee that you will be the lucky one. Thus, instead of spending your money on nothing, install a reliable anti-malware (you can select one from the list below), delete Cryptolocker ransomware and try to recover data using data recovery tool.

Question. Please help! My files were locked by Cryptolocker virus last night, and I continuously receive a notification that contains instructions how to make the payment. I feel helpless as I cannot afford to pay such a big sum of money although pictures stored on my PC are worth millions for me. Can anyone help?!

Answer. Cryptolocker ransomware is a nasty infection. its developers only seek to earn easy money and frequently manage to do so. For you, as well as for the other victims of this ransomware, we want to highlight that paying the ransom will not solve the problem. There is no guarantee that you data will be restored. Beyond that, making the payment will not help to remove Cryptolocker ransomware. In order to fix your computer and restore data stored in it, you are recommended to install a powerful anti-malware and run a full system scan with it. Finally, you should either use file backups or data recovery software for getting you data back.

Question. Cryptolocker has stolen my data. However, some of the .doc, .pdf. and .jpg files were very important for me. Is there are a way to decrypt at least some pieces of data? Maybe there's a way to fix this issue manually?

Answer. Unfortunately, there is no way to get rid of Cryptolocker manually. There are only two ways to get decrypt data – either use backups or use a reliable file decryption tool, such as Photorec or R-Studio. Besides, in order to remove this threat once and for all, update or install a reliable anti-spyware and run a full system scan with it.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall CryptoLocker. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall CryptoLocker. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2017-01-04 01:54)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2017-01-04 01:54)
Hitman Pro
Webroot SecureAnywhere AntiVirus

References

CryptoLocker screenshot

Method 1. Remove CryptoLocker using Safe Mode with Networking

Since CryptoLocker is an extremely vicious virus which comes in a variety of different shapes as well, it is likely that some of these versions will try block you from running security software and remove it from the computer. If you are ever in such a situation, scroll down below to find guidelines how to eliminate this obstacle.

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list
Select 'Safe Mode with Networking'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Select 'Enable Safe Mode with Networking'
Step 2: Remove CryptoLocker

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete CryptoLocker removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Method 2. Remove CryptoLocker using System Restore

It is only natural that viruses like CryptoLocker will not leave computers without a fight. So, they may block antivirus scanners from initiating and purposefully crash these programs before they launch. Below you will find a way to work around this problem, decontaminate the virus and proceed with its elimination.

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list
Select 'Safe Mode with Command Prompt'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Select 'Enable Safe Mode with Command Prompt'
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
  • Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
  • When a new window shows up, click Next and select your restore point that is prior the infiltration of CryptoLocker. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
  • Now click Yes to start system restore. Click 'Yes' and start system restore
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that CryptoLocker removal is performed successfully.
Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Bonus: Recover your data

Guide which is presented above is supposed to help you remove CryptoLocker from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Although it might be possible to recover files encrypted by CryptoLocker malware by paying the ransom, we highly recommend you to forget this option. The decryption software might come bundled with more malicious files, or might not help you to retrieve your precious records at all. Additionally, if you paid, you would fuel up criminals' efforts and induce them to continue evolving and distributing this virus.

IMPORTANT. If you think that you have been infected by CryptoLocker, there is a great chance that you are mistaken. The original virus has been defeated several years ago and is no longer distributed. If the ransom note says that you are infected with CryptoLocker, it might not be true - some viruses pretend to be this fearsome ransomware just to frighten the victim. Besides, some fake versions of this malware can be decrypted. We strongly recommend you to run a system scan to find out what is the actual name of the virus, or send us a question providing the name of the ransom note, file extensions added to encrypted files and maybe some pieces of information the ransom note contains. It would also be helpful to hear what kind of picture the ransomware sets on the desktop - all this data can help us identify what virus has affected your PC. Alternatively, you can take a look at these data recovery suggestions and choose the desired method to recover your files:

If your files are encrypted by CryptoLocker, you can use several methods to restore them:

Use Data Recovery Pro to recover your files

Many programs promise to recover your files after they get deleted, corrupted, or damaged in another way. We recommend using Data Recovery Pro - it might help you to recover some files. Instructions below will help you to start this program and scan the system for encrypted data.

Use Windows Previous Versions method to recover individual files

If your personal files have been distorted by this malicious ransomware, try to rescue a few of them by taking advantage of Windows Previous Versions feature. Sadly, this method is only effective if System Restore function has been enabled on the system.

  • Find an encrypted file you need to restore and right-click on it;
  • Select "Properties" and go to "Previous versions" tab;
  • Here, check each of available copies of the file in "Folder versions". You should select the version you want to recover and click "Restore".

CryptoLocker decryption tools

If your PC has been infected by a version of CryptoLocker, use the appropriate tool to decrypt them. Below we provide a list of free decryption tools capable of restoring encrypted files:

  1. Files locked and _crypt0 file extensions added? Then use this Crypt0 ransomware decryption tool.
  2. Files encrypted and have .CryptoTorLocker2015! file extensions now? CrypTorLocker2015 decrypter can be downloaded from here.
  3. PCLock ransomware does not append specific file extensions, but you can easily identify this virus by running anti-malware software. Files can be decrypted with this PCLock Decrypter.

Unfortunately, there are the only viruses that can be decrypted. If more decryptable versions appear, we will update the article.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from CryptoLocker and other ransomwares, use a reputable anti-spyware, such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Jake Doe
Jake Doe - Life is too short for wasting your time on viruses

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Geolocation of CryptoLocker

Map reveals the prevalence of CryptoLocker. Countries and regions that have been affected the most are: United States, United Kingdom, Australia, Canada and India.

Removal guides in other languages


Information updated:

Comments on CryptoLocker

0
0
leo warner
CryptoLocker Virus (Files Encrypted Ransomware) is seen as a horrible Trojan which is truly dreadful for the Windows clients. It is competent to track your Internet action and keep records all important data, for example, program history points of interest, correct treats, and other program related learning which can use for promoting and publicizing reason. Trojan.Cryptolocker.AA can hurt or destroy Windows expert boot record and additionally change web program essential landing page settings in spite of the fact that it could supplant desktop foundation picture to new picture. It would divert program landing page alongside web search tool outcomes to meddling website page.
0
0
Aster
Hi All - Firstly im hit but have backup. Screen is completely blacked out not even start bar, windows button disabled. downloaded malwarebytes free and going to try just get the laptop back. Did receive said ransom note and links to a page requesting $500 or $1000 after 3 days.

only been on worksites for research (music) all day today, havent added any updates at all .... so yea they still manage to get you hmmm

anyways will add if this works ...
2
0
Gina
Switch to Linux!
0
1
EndUser
Seriously, dont pay and fund the criminals. There is no guarantee that they will give you the key anyway. Make sure you always have recent backup of your data. Option is to also use shadow copies (previous versions) to see if you can recover them there if not too late.
If running in a business, it is best not to have mapped network drives or your server files will be encrypted. Also, it is best to keep all important files on a server with automatic daily backup. Even small network files servers (NAS) are so much more affordable and protect your files.
System restore does not affect data files, only recovers system files in case it is unable to boot.
0
1
Infected
Did paying up get your files back or did they just take your money too? Never had a virus in 25years - somehow got this. Any other info on converting payment to them. Do they have a time limit?
0
1
Julius
This thing infects mac users as well if they are dumb enough to open the stupid file.
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)