Friday, October 18, 2013

Tutorial on how to remove CryptoLocker on your computer.

CryptoLocker is a type of ransomware. Once it has infected your computer system and locked (corrupted) your files, the damage is very difficult to fix. It's a major problem for many computer repair services, since it's impossible to crack the key needed to decrypt your files after this ransomware has run through your computer system.

This ransomware encrypts (locks) all your personal files, making them unreadable. You pretty much have no choice but to either wipe your computer and start from scratch or make a payment (from $100 to $300 USD) to a group of thieves to recover your files. They also set a countdown (deadline) for the payment: if you don't pay before the time expires, you will lose your files forever.

But if you are like me, I would never give them a dime! There are no guarantees that paying will fix your problem, or that the problem won't recur at a later time!

How did CryptoLocker infect your computer?

Like many other viruses, this ransomware can infect your machine in many ways. It can be sent to you by email or as a link (download) from a social media site. It can be disguised as a PDF, an audio file (MP3), or an image (JPG or PNG). Look closely at the file extension and make sure the file name doesn't end with ".exe" (see the examples below).
  
Examples:
  • Fake PDF file: receipt_payment0006.PDF.exe
  • Fake Image file: las_vegas_pictures_0001.JPG.exe
  • Fake MP3 file: myfavoritejam.MP3.exe
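The double-extension check described above can be automated. The following is an added example, not part of the original post: it flags file names where a document or media extension sits directly in front of an executable one. The extension lists beyond ".exe", PDF, JPG, PNG and MP3, the function names, and the benign sample names are assumptions made for illustration.

```python
from pathlib import PurePosixPath
from typing import Iterable, List, Optional, Tuple

# ".exe" is the extension the page names; the others are an added
# generalization to further extensions Windows runs on double-click.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Decoy extensions: the page's PDF/JPG/PNG/MP3, plus common document types.
DECOY_EXTS = {"pdf", "jpg", "jpeg", "png", "mp3", "doc", "docx", "xls", "xlsx"}


def disguised_as(filename: str) -> Optional[str]:
    """Return the decoy extension if the file is an executable posing as a document."""
    # Accept full Windows paths; only the final component matters.
    name = PurePosixPath(filename.replace("\\", "/")).name
    # Windows ignores trailing dots/spaces and treats extensions case-insensitively.
    name = name.rstrip(" .").lower()
    # Tolerate stray spaces around the dots.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    return parts[-2] if parts[-2] in DECOY_EXTS else None


def flag_attachments(filenames: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (filename, decoy extension) for every suspicious name."""
    return [(f, decoy) for f in filenames if (decoy := disguised_as(f))]


# The first three names are the page's examples; the rest are constructed
# benign names that must not be flagged.
SAMPLE_NAMES = [
    "receipt_payment0006.PDF.exe",
    "las_vegas_pictures_0001.JPG.exe",
    "myfavoritejam.MP3.exe",
    "setup.exe",
    "report.final.pdf",
]

if __name__ == "__main__":
    for name, decoy in flag_attachments(SAMPLE_NAMES):
        print(f"SUSPICIOUS: {name} (looks like .{decoy}, is an executable)")
```

Windows hides known extensions by default, so "receipt_payment0006.PDF.exe" is displayed as "receipt_payment0006.PDF"; turning on file name extensions in Explorer makes the real ending visible.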

 

Be Prepared Always:

The best way to avoid falling victim to this ransomware is to be wary of what you download. Keep in mind that new ransomware (or viruses) may not be successfully detected by your anti-virus, so it's best to be careful before launching these files. If you have a spare computer and don't care about its files, you can use it as a test machine before you run the files on your main PC. Make sure that test PC is isolated from your home or business network, because if it does get infected, so will the other computers connected to the same network.

As you may already know, it's important to have monthly backups of your computer files and system. This way, if you run into this issue on your main PC, you can *reformat your system to get rid of the ransomware and then restore your system files from the last working backup. Hopefully you have a backup that was made before the ransomware got onto your system.

*Make sure that you reformat your system before trying to restore your files from your backups. Do not connect your backup files to your system while the ransomware is still running on it, because you risk those backup files getting corrupted as well.

A Partial Workaround:

If you suspect that you have installed this ransomware by accident, you should disconnect your PC from your home network or internet connection. Disable the wireless connection (off switch), unplug the Ethernet cable, or disconnect whatever else you use to connect your computer to the internet. This way the ransomware stops encrypting all your files.

But even if you succeed in disconnecting your computer from the internet before it locks up all your files, some of the files on your system may already be locked. You can then move the unlocked files to a backup drive and restore your machine, and basically kiss goodbye to the files that got corrupted. Once this ransomware runs on your PC, it will lock every file on your computer system, on USB devices, and even in shared folders on other computers in your home or business network.
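To sort the files that are still readable from the ones that got locked, you can compare each file's first bytes with the signature its extension implies. The following is an added example, not part of the original post and not a CryptoLocker-specific tool: it is a heuristic that assumes encryption changed the start of the file, and a matching header does not prove the rest of the file is undamaged. The signature table and function names are assumptions made for illustration.

```python
import os
import sys
from pathlib import Path
from typing import Dict, List

# Leading bytes ("magic numbers") of the formats the page mentions, plus
# ZIP-based Office documents. Extend the table for other file types.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xfa", b"\xff\xf3", b"\xff\xf2"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}


def classify(path: Path) -> str:
    """Return 'intact', 'suspect' or 'unknown' for one file (read-only)."""
    signatures = SIGNATURES.get(path.suffix.lower())
    if signatures is None:
        return "unknown"  # no signature on record; check by hand
    with path.open("rb") as handle:
        head = handle.read(16)
    return "intact" if any(head.startswith(s) for s in signatures) else "suspect"


def triage(root: Path) -> Dict[str, List[Path]]:
    """Walk root and group every file by its classification."""
    report: Dict[str, List[Path]] = {"intact": [], "suspect": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                report[classify(path)].append(path)
            except OSError:
                report["unknown"].append(path)  # unreadable; check by hand
    return report


if __name__ == "__main__" and len(sys.argv) == 2:
    for status, paths in triage(Path(sys.argv[1])).items():
        print(f"{status}: {len(paths)} file(s)")
        for path in paths:
            print(f"  {path}")
```

Run it only after the ransomware is no longer active, for example with the drive attached to a clean machine, so the files you are checking are not still being encrypted.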

More Information:

If you wish to learn more about troubleshooting your system after this ransomware, I suggest visiting this helpful site: CryptoLocker Ransomware Information Guide and FAQ

Hopefully someday we will have a tutorial on how to remove CryptoLocker from your computer without having to reformat and start all over from our backups, and without having to pay a dime to thieves to unlock our systems. If you know a workaround, please share it below. Thanks in advance.

Update (10/21/13):

There's been some positive progress on how to get rid of this ransomware from your computer. Though it will not decrypt the files that were encrypted by this ransomware, it will at least get rid of the problem, and there is also a YouTube video tutorial that teaches you how to see which files were damaged in the process. More details about this partial fix (as well as the YouTube tutorial) can be found here: Malwarebytes: How to remove Cryptolocker

1 comment:

  1. I don't really like repair shops for computers because I think they're pricey in general, and the perk of being a college student is I probably have a CS major friend who can help. Ageeko
