What is CryptoLocker?

CryptoLocker was a ransomware trojan that used the Gameover ZeuS botnet and infected email attachments to spread across the Internet, infect Windows PCs, and lock files using 2048-bit RSA encryption. Victims were then prompted to pay a $300 ransom in order to receive a password.

CryptoLocker affected around 500,000 people between September 2013 and May 2014. In a crackdown dubbed “Operation Tovar”, a group of security experts — from the FBI, Interpol, security software vendors, and universities — managed to stop the hackers.

CryptoLocker has spawned a few clones — CryptoWall, Crypt0L0cker, and TorrentLocker — and several similarly named but unrelated trojans. In recent years, ransomware attacks have become more popular, and much more dangerous.

Is CryptoLocker still a threat?

During its spread, any unprotected Windows PC was vulnerable to the trojan. However, CryptoLocker is no longer a threat.

Where does CryptoLocker come from?

CryptoLocker reached computers through an existing botnet and through harmful email attachments. The trojan encrypted files stored on local or mounted network drives. Since it wasn’t a virus, it didn’t spread across your network on its own. However, it was still capable of doing a lot of damage, because it searched your network extensively, looking for files to encrypt.

How to recognize CryptoLocker ransomware

Just like other types of ransomware trojans, CryptoLocker could not be recognized, because once it infected a computer it started to run without asking for the user’s input. Victims would simply receive a message saying their files were encrypted.

How to remove CryptoLocker ransomware

In 2014, a security firm involved in Operation Tovar gained access to all the keys used by hackers, and created an online CryptoLocker decryption tool.

This was one of the few cases where victims could recover their files without paying the ransom. With most ransomware attacks, the encryption is so strong that locked files cannot be recovered. However, the malware itself can be removed with our Avast Antivirus.

How to prevent CryptoLocker ransomware

Most ransomware trojans spread via fake and spam emails. Here’s how to protect your files from Locky:

  • Use an up-to-date antivirus
  • Use internet protection that helps you avoid fake emails and spam
  • Don’t open suspicious emails or attachments from unverified sources. Remember that banks, companies and agencies don’t ask for personal information via email
  • Disable Microsoft Office macros by default
  • Back important files up, either online or on external drives
  • Make sure your operating system is updated and patched

Use anti-malware to protect yourself

As an Avast user, you should have nothing to worry about. If your software is up-to-date, you are fully protected against CryptoLocker and any other malware. Our experts monitor new email campaigns every day, to create new URL detections and protect you from the latest threats.

Why Avast?
  • Consistently rated “excellent” by industry experts
  • Trusted by 400 million people worldwide
  • It’s the “Antivirus with the lowest impact on PC performance” (AV-Comparatives)
  • Best features - unbreakable password security, home network protection, browser cleaning and much more
  • All for FREE