Cryptolocker Removal


CryptoLocker is a form of malware from a sub-group known as ransomware. Ransomware is any kind of malware that essentially holds your computer and your files “hostage” until you meet the attackers' demands, usually by paying a ransom. CryptoLocker specifically kicked off a line of ransomware that encrypts your files using RSA public-key cryptography; you can read more here. This makes your files unusable, and the only way to retrieve them is to get the decryption key from the authors of the malware. Once infected with CryptoLocker, you will see a file pop up that informs you of the situation and tells you that you must pay their ransom, in Bitcoins, or the price will increase until they delete the decryption key and you lose the files forever.

Luckily, this first installment of the malware has a solution: FireEye and Fox IT teamed up and are now offering all of the public keys, free of charge, on their website, https://www.decryptcryptolocker.com/. This guide will walk you through the steps of removing the infection, as well as submitting your encrypted files to be decrypted and saved, at no cost to you. Bleeping Computer has a nice discussion forum specifically for CryptoLocker and other ransomware, which you can read at http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Step 1: Download Malwarebytes Anti-Malware from https://www.malwarebytes.org/mwb-download/
Step 2: Run the setup files and install Malwarebytes.
*When installing Malwarebytes you will have the option to enable a free 30 day trial of their premium service. This is not required.
Step 3: Click the “Scan Now” button in green. If an update is available, click the “Update Now” button in the bottom right. The scan will begin once the update is finished.
Step 4: The scan may take some time, depending on your computer and the number of infections, but once it is finished click the “Apply Actions” button in green.
Step 5: Malwarebytes may or may not request that you reboot your computer after it has removed the infections. If it does, you may proceed to reboot.

This will remove the infection itself, but all of your files will still be encrypted and unusable. To recover them, you must submit a sample file to the decryption website. This section will walk you through that.

Step 1: Visit https://www.decryptcryptolocker.com/ and input an email that you can check.
Step 2: Click the “Choose file” button in blue and select a document/file that was encrypted by the virus. (You will know it is an encrypted file if you cannot open it or view the contents.)
Step 3: Check your email for the recovery program and the decryption key that is specific to your computer. You can also download the program directly at https://www.decryptcryptolocker.com/Decryptolocker.exe
Step 4: Follow the instructions in the email from Fox IT to decrypt your files.
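
For Step 2 of the decryption procedure, one way to list files that look encrypted without opening them one by one is to check whether each file still begins with the header bytes its type normally has. This is an added example, not part of the original guide or of any FireEye or Fox IT tool; it assumes encrypted files keep their original extension, and the function names, the extension list and the sample files are constructed for illustration.

```python
import os
import sys
import tempfile

# Well-known leading bytes ("magic numbers") for common document types.
ZIP, OLE, JPG = b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff"
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": JPG, ".jpeg": JPG,
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".doc": OLE, ".xls": OLE, ".ppt": OLE,
}

def header_mismatch(path):
    """True/False for known types; None if unknown type, empty or unreadable."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(expected))
    except OSError:
        head = b""
    return head != expected if head else None

def find_candidates(root):
    """Walk root and return sorted paths whose header no longer matches the type."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if header_mismatch(full):
                hits.append(full)
    return sorted(hits)

def demo():
    """Scan constructed sample files (made-up bytes, not real CryptoLocker output)."""
    samples = {
        "report.pdf": b"%PDF-1.4 constructed", "notes.txt": b"\x00\x01 constructed",
        "budget.xlsx": b"\x13\x9a\x00\x41 constructed", "photo.jpg": b"\x7f\x02\xe1\x55", "empty.docx": b"",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_candidates(d)]

if __name__ == "__main__":
    print("\n".join(find_candidates(sys.argv[1]) if len(sys.argv) > 1 else demo()))
```

A mismatch only marks a candidate for submission: a corrupted or misnamed file fails the same check, and file types outside the list are skipped rather than judged.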