CryptoLocker is a file-encrypting ransomware, which will encrypt the personal documents found on victim’s computer using RSA-2048 key (AES CBC 256-bit encryption algorithm). CryptoLocker then displays a message which offers to decrypt the data if a payment of 2.2330749 BTC (around 499 USD) is made within 96 hours, otherwise the data will be destroyed.
CryptoLocker will add the .7z.encrypted extension to all your images, videos and other personal documents.
The CryptoLocker virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission of knowledge.
Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the CryptoLocker virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
If your computer is infected with the CryptoLocker ransomware will display a black
DECRYTP_INSTRUCTIONS.html wallpaper that covers the entire desktop. ADECRYTP_INSTRUCTIONS.txt text file will be placed on your desktop. Both files contain instruction on how or recover the encrypted files.