CryptoLocker is one of the worst threats you can face online nowadays. It is a ransomware virus that infects your PC by exploiting security vulnerabilities in outdated software, delivered through malicious downloads and websites or infected email messages. Once it has infiltrated your system, CryptoLocker encrypts all files and demands a payment to decrypt the data and unblock the machine.
You can recognize infected files by the “.encrypted” extension. There are several versions of CryptoLocker you can come across, such as TorrentLocker, PClock and Alpha Crypt, and new variants are continually being developed.
The demanded “ransom” is about 300 USD or 300 Euros, payable using Bitcoin, Ukash, cashU, or MoneyPak, and you have a limited period to comply with the request. If you choose to pay, you have no guarantee that your files will be decrypted, and you may encourage cyber criminals. We suggest that you do not send any money. Instead, report the attack to local authorities, remove the ransomware and recover your files from a backup.
It’s vital to make regular backups of your documents: the CryptoLocker removal process may result in complete loss of your data. Your documents, pictures and archives may be permanently compromised.
The first thing to try is to download Malwarebytes Anti-Malware Free or HitmanPro, two solutions we reviewed. Both are designed to detect and remove rootkits, rogues, dialers, spyware, worms, Trojans and more, and both can scan the computer quickly. If your PC is completely blocked, you can remove CryptoLocker manually.
One method is to remove CryptoLocker by rebooting your computer to Safe Mode with Networking. If you use Windows 7 / Vista / XP, click Start → Shutdown → Restart → OK. When your computer restarts, press F8 multiple times until it shows the Advanced Boot Options window. Then select “Safe Mode with Networking” from the list.
If you use Windows 10 / Windows 8, press the Power button at the Windows login screen, then press and hold Shift and click Restart. Now select Troubleshoot → Advanced Options → Startup Settings and press Restart. When the computer restarts, select “Enable Safe Mode with Networking” in the Startup Settings window. Then, whatever your Windows version is, log in to your account and start the browser. Download a legitimate anti-spyware program, run a full system scan and remove the malicious files.
It’s also possible that CryptoLocker blocks Safe Mode with Networking. In that case you have a second chance to remove it using System Restore. Reboot your computer to Safe Mode with Command Prompt. If you’re using Windows 7 / Vista / XP, click Start → Shutdown → Restart → OK. When the computer restarts, press F8 multiple times until you see the Advanced Boot Options window, then select “Safe Mode with Command Prompt” from the list.
If Windows 10 / Windows 8 is your operating system, press the Power button at the Windows login screen, press and hold Shift and select Restart, then select Troubleshoot → Advanced Options → Startup Settings and press Restart again. Once your computer restarts, select “Enable Safe Mode with Command Prompt”. Then, whatever your Windows version is, type “CD restore” in the Command Prompt window and press Enter. Type rstrui.exe and press Enter again. A new window will show up: select the restore point and click Yes.
If you want to try to restore your files, there are plenty of tools that work with shadow copies of your files. Some tools will also try to unlock encrypted files.
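Before choosing a restore point or a backup, it helps to know how many files were hit and when the first one was changed. The following Python script is an added example, not part of the original article: it counts files carrying the “.encrypted” extension per folder and reports the earliest modification time among them. The function names and the sample files are constructed for illustration, and it assumes a file's modification time reflects when it was encrypted.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone


def inventory_encrypted(root, ext=".encrypted"):
    """Summarise files under root whose name ends with ext (case-insensitive)."""
    per_dir = Counter()
    earliest = None
    unreadable = []  # paths we could not list or stat (locked, permissions)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            if not name.lower().endswith(ext.lower()):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow links
            except OSError:
                unreadable.append(path)
                continue
            per_dir[dirpath] += 1
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {"total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "earliest": earliest, "unreadable": unreadable}


def make_sample(root):
    """Constructed sample tree: two renamed files and one untouched file."""
    os.makedirs(os.path.join(root, "Pictures"))
    samples = [("report.docx.encrypted", 1_000_000_000),
               (os.path.join("Pictures", "photo.JPG.ENCRYPTED"), 1_000_000_500),
               ("notes.txt", 1_000_000_900)]
    for rel, mtime in samples:
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # replace with a real folder
        make_sample(root)
        result = inventory_encrypted(root)
        when = datetime.fromtimestamp(result["earliest"], tz=timezone.utc)
        print(f"{result['total']} files end in .encrypted")
        for folder, count in sorted(result["per_dir"].items()):
            print(f"  {count:5d}  {folder}")
        print(f"Earliest modification: {when:%Y-%m-%d %H:%M} UTC")
        print("Choose a restore point or backup older than that time.")
```

The script only reads file names and timestamps, so it can be run from Safe Mode or against a copy of the disk without changing anything.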
We suggest keeping your installed software up to date: it greatly reduces the risk of ransomware infections.