- The purpose of this guide
- What is CryptoLocker
- Known file paths and registry keys used by CryptoLocker
- What should you do when you discover your computer is infected with CryptoLocker?
- Is it possible to decrypt files encrypted by CryptoLocker?
- Will paying the ransom actually decrypt your files?
- How do you become infected with CryptoLocker?
- Known Bitcoin Payment addresses for CryptoLocker
- CryptoLocker and Network Shares
- What to do if your anti-virus software deleted the infection files and you want to pay the ransom!
- How to increase the time you have to pay the ransom
- Messages from the ransomware author and information about the CryptoLocker Decryption Service
- How to restore files encrypted by CryptoLocker using Shadow Volume Copies
- How to restore files that have been encrypted on DropBox folders
- How to find files that have been encrypted by CryptoLocker
- How to determine which computer is infected with CryptoLocker on a network
- How to prevent your computer from becoming infected by CryptoLocker
- How to allow specific applications to run when using Software Restriction Policies
- How to be notified by email when a Software Restriction Policy is triggered
- CryptoLocker 2.0: New version or Copycat?
- CryptoLocker Timeline
“There is a lot of incorrect and dangerous information floating around about CryptoLocker. As BleepingComputer.com was one of the first support sites to try helping users who are infected with this infection, I thought it would be better to post all the known information about this infection in one place. This guide, or Frequently Asked Questions, will unfortunately not help you decrypt your files as there is no way to do so. Instead, this FAQ will give you all the information you need to understand the infection and possibly restore your files via other methods.
In many ways this guide feels like a support topic on how to pay the ransom, which sickens me. Unfortunately, this infection is devious and many people have no choice but to pay the ransom in order to get their files back. I apologize in advance if this is seen as helping the developers, when in fact my goal is to help the infected users with whatever they decide to do.”
This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.
Comments
Just 3 words: Sandboxie, Sandboxie, Sandboxie (or another form of virtualization).
In November 2013 there was an article and a long thread about this...
As a result, I have been using CryptoPrevent from FoolishIT; I believe Nick, the developer, participated in that thread.
I have been pretty satisfied with it. It works: set it and forget it.
Lately, though, the administration of CryptoPrevent has become burdensome, at least on my machine.
CryptoPrevent has a manual update for non-premium users. It was simple: just click on the update link and it would go. It won't do this anymore, at least for me.
I now have to uninstall and reinstall, with multiple reboots. It works fine this way, just a tedious process.
I also realized that it has blocked all other software upgrades in the past couple versions.
I only figured it out by process of elimination.
I couldn't install Firefox 30, new versions of Flash and Reader, nor the new versions of Sandboxie and WinPatrol; I couldn't install anything.
I now have to turn off the protection, reboot, download the new version of say Firefox, reapply the Crypto protection and reboot.
Again, a tedious process.
There are a couple whitelist options, one for .exe files already in blocked locations, and an advanced whitelist function with a multitude of options.
The whitelisting in CryptoPrevent seems counterintuitive to me, so I haven't done any whitelisting.
I trust the software, I trust Nick - his software also prevents other malware from getting in, this is another major reason I like what he developed.
The inability to download and install new software is problematic; the upgrade for CryptoPrevent itself, not so much. I can live with it.
For those who just want a quick way to protect against CryptoLocker, CryptoDefense and other ransomware, SurfRight's HitmanPro.Alert is free and effective protection. (As far as I can see, it's mentioned only very briefly over at bleepingcomputer).
Note - it does NOT get rid of the infection (I've used Malwarebytes AntiMalware for that) - but it does stop the encryption.
It can be found at http://www.surfright.nl/en/cryptoguard
The table of contents above doesn't correspond with the one on bleepingcomputer.com - the one above omits the correct part 1. ("The purpose of this guide").