CryptoLocker Ransomware: What You Need to Know


CryptoLocker is a trojan that encrypted files on infected Windows PCs while it spread between September 2013 and May 2014. While US authorities eventually put an end to that attack, CryptoLocker paved the way for a new generation of complex and dangerous cybersecurity threats: file-encrypting ransomware.


What is CryptoLocker?

CryptoLocker was a ransomware trojan that used the Gameover ZeuS botnet and infected email attachments to spread across the Internet, infect Windows PCs, and lock files using RSA 2048-bit encryption. Victims were then prompted to pay a $300 ransom in order to receive a password.


    CryptoLocker affected around 500,000 people between September 2013 and May 2014. In a crackdown dubbed “Operation Tovar”, a group of security experts — from the FBI, Interpol, security software vendors, and universities — managed to stop the hackers.

    CryptoLocker has spawned a few clones — CryptoWall, Crypt0L0cker, and TorrentLocker — and several similarly named, but unrelated trojans. In recent years, ransomware attacks have become more popular, and much more dangerous.

    Is CryptoLocker still a threat?

    During its spread, any unprotected Windows PC was vulnerable to the trojan. However, CryptoLocker is no longer a threat.

    Where does CryptoLocker come from?

    CryptoLocker reached computers through an existing botnet and via harmful email attachments. The trojan encrypted files stored on local or mounted network drives. Since it wasn’t a virus, it didn’t spread across your network on its own. However, it was still capable of doing a lot of damage, because it searched your network extensively, looking for files to encrypt.

    How to recognize CryptoLocker ransomware

    Just like other types of ransomware trojans, CryptoLocker could not be recognized, because once it infected a computer it started to run without asking for the user’s input. Victims would simply receive a message saying their files were encrypted.



    How to remove CryptoLocker ransomware

    In 2014, a security firm involved in Operation Tovar gained access to all the keys used by hackers, and created an online CryptoLocker decryption tool.

    This was one of the few cases where victims could recover their files without paying the ransom. With most ransomware attacks, the encryption is so strong that locked files cannot be recovered. However, the malware itself can be removed with our Avast Antivirus.

    How to prevent CryptoLocker ransomware

    Most ransomware trojans spread via fake and spam emails. Here’s how to protect your files from Locky:

    • Use an up-to-date antivirus. (Check out this best antivirus comparison article for tips)

    • Use internet protection that helps you avoid fake emails and spam

    • Don’t open suspicious emails or attachments from unverified sources. Remember that banks, companies and agencies don’t ask for personal information via email

    • Disable Microsoft Office macros by default

    • Back important files up, either online or on external drives

    • Make sure your operating system is updated and patched

