Crypto Locker Virus Holds Your Computer Hostage

    October 26, 2013
    Erika Watts

If you ever needed a reminder to be careful about the emails and attachments you open, it’s now. The Crypto Locker virus that is going around is said to be one of the worst ever and is infecting computers running the Windows OS all across the United States. The virus belongs to the class of malware called “ransomware”: it holds your files hostage until you pay a fee.

The Crypto Locker virus is passed around in emails with innocent-looking senders, such as UPS or FedEx, but of course they’re not really from these corporations. Instead, when you open the attachment, your computer becomes infected and the virus locks all your files until you pay a ransom. Check out a picture of what the Crypto Locker demand screen looks like:


“Ransomware causes your computer files to be non-accessible, and when that happens you have two choices. You can recover if you have a backup, which I hope you do, or pay the ransom within 100 hours. If you do not pay the ransom, you lose all of your data,” technology expert Anthony Mongeluzo said.

“It will disguise itself as JPEG images, as PDF files, as Microsoft Office files,” said Troy Viers, an IT specialist. “If you get an email from somebody you do not know, especially if it’s got attachments, don’t open anything with it, just delete the email.” After the computer becomes infected, users are usually given 100 hours to pay a fee between $100 and $700 to get the files decrypted.

Has the Crypto Locker virus infected your computer? Share your experience below.

ABC 33-40, a news station out of Birmingham, Alabama, was hit with the Crypto Locker virus. The director of engineering for ABC 33-40, Ron Thomas, described his station’s experience with the virus. “You buy this $300 Green Dot MoneyPak, you cannot use a credit card for it, it had to be cash or debit card. Once they claim the funds, they unlock your files. If those files had been lost, it could’ve affected 10 years’ worth of work by several departments,” said Thomas.

The two most important things you can do as far as the Crypto Locker virus, or any other virus for that matter, is concerned are to make sure all of your files are backed up and to be very wary about the emails you open. Quite a few companies, such as Google and Amazon, offer free online storage, so it’s easy to back up at least some of your files if you trust online storage. Alternatively, you can back up your files to another partition on your computer or to an external hard drive.

[Images via YouTube]
  • Wow

    Well it should be easy enough to find out who made this. Just follow the money trail back to the source.

    I will say this. I really believe that most of the “hacking” and “cyber crimes” goes back to the government. You have all these government agencies collecting information on everyone. All your information gets passed from “analyst” to “analyst”. Crimes happen. Then the very same “analysts” have to research them, and then the crimes get blamed on some anonymous hacker. Have you ever filed a cyber crime complaint? A girlfriend of mine did and she is literally ticket number 1,000,000-something.

    I myself was a victim of an ATM crime at a major bank. Even though my account had a maximum withdrawal limit of $500, the thieves were able to withdraw $2,500 from my account at 5 different locations, all within an hour. The 5 different locations were very spread out. There was no way they could have physically driven that distance within an hour. It had to be an inside job. Had to be.

    What ticked me off is the bank never contacted me about it. I found the errors myself and went to tell them about it. The bank said they knew about the problem but never notified customers.

    • quaid

      As far as theft viruses go,
      out of a huge world population:

      0% big gov (they ARE listening and GATHER info, not stealing; that’s f’ing dumb, sorry, they already do that with taxes, they wouldn’t bother and it would be too much of a scandal),

      26% script kiddies and young adults who want a new game console or want to hurt someone.

      35% Russian Mafia, highly organized.

      6% Middle Eastern gov and China.

      5% Other international Mafia including US (US is probably 1%).

      8% Nigeria as a whole, lol, but true – mostly phishing and women love scams to steal money.

      5% Random underground organizations unaccounted for but certainly not government.

      14% Terrorist funding, organized.

      A gross estimate from a half-baked security analyst; numbers could be slightly off but that’s the ballpark.

    • IT Specialist

      You can’t track down where the money is being withdrawn from because they are using what’s called botnets. They have control of random people’s bank accounts and they are receiving and withdrawing money through other people’s banks, so there is no way of tracking this as of right now.

  • Maraselah

    I’ve heard of encryption viruses before but never seen a real one. Kinda rare, I think; cool. And please continue to be gullible.

  • http://yahoo.com mark

    Looks like the Nigerians got some upgrade training! As if they weren’t stealing enough $$$ in bogus scams already.

    • http://privacy-pc.com/ David

      Cryptolocker is a top point of the Nigerian scam. Next level is real Somalian pirates :)
      I hope after this people will use the most vital Windows function: create Restore Points every week.

      • Ripeka

        Our organisation got hit here in New Zealand. Restore points didn’t work. Backups failed owing to our IT company letting us down. Ended up paying the ransom fee and getting everything unencrypted. One long week from hell.

  • Steve Sybesma

    IF YOU GET THIS malware on your computer, DO NOT PAY the ransom…general rule no matter what: NEVER PAY RANSOM, period.

    If you pay, you will have done everything for the crook, and nothing for yourself…the crook who did that will take your money and run. If you feel you can trust them to put that on your machine in the first place, then that would be a reason to trust them enough to pay the ransom…since you don’t trust them to begin with, don’t trust them at all. Makes sense?

    I have personally run into this malware at my work as a deskside support person. IF YOU TURN OFF YOUR COMPUTER WHEN YOU SEE THAT FLASH IN FRONT OF YOU, and take your computer to someone who will replace the HDD on it and get your data off the old HDD…you will be OK. It takes time to encrypt files and it certainly cannot happen when the computer is OFF.

    This is how I handled the situation for the lady on whose machine I saw this. I told her to shut down the PC and ship it to me. I was able to get all her data…the malware didn’t have any time to start encrypting her files…and it does take time to do that, it’s not instantaneous.

    DON’T EVEN TRY TO PLAY WITH THIS YOURSELF ON A LIVE INFECTED HDD…it’s pointless…you need to take the infected HDD out of the machine to deal with it properly.

    If you cannot do that yourself…pay the honest tech instead of the dishonest crook…you will get what you need and you will be able to live with yourself. Paying crooks encourages them to continue.

  • http://jaffreycomputer.com Jaffrey Computer

    Just got one in yesterday. It looks like its primary attack is on Word and Excel. The post on unplugging the machine is likely correct, although it MAY delay the ransom notification until encryption is complete, making unplugging a hopeless attempt. Also getting reports of a variant able to infect any network attached storage as well. The primary file appears in the hidden \programdata folder. It deletes fairly easily, but the damage is already done.

    • Steve Sybesma

      Clarification…I would lean on the side of beginning with a new HDD and once you have that setup with the OS, scan and move the files over to your reimaged machine. I don’t believe the malware ‘infects’ data files in the sense that you open a PDF or spreadsheet and it infects your computer…and in my case, I found no infection of data files as I was moving them over…the user has not found any files yet she could not open.

      So, in my opinion, catching this early and shutting down your PC has to be the best course…certainly letting it linger could only be worse.

    • Steve

      Reports I’ve read say that it doesn’t see NAS unless shares are accessed by drive letters. Are you saying that UNC shortcuts are followed?


    Have a backup of Microsoft Security Essentials on a flash drive or CD-ROM.

    Try to log in in Safe Mode at startup (I believe F2), get into System Restore to go back to an earlier point, and then run antivirus as well.

  • Brad Churby

    We created a free scan tool that finds CryptoLocker-encrypted files and dumps the list into a CSV file. This is handy when trying to figure out what files need to be restored from backup.
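The kind of triage the comment above describes, written here as an added example (editor's code, not the commenter's tool and not part of the original post). It assumes only that an encrypted copy of a file no longer starts with the signature bytes its extension promises; the sample tree it scans is constructed inline.

```python
import csv
import io
import tempfile
from pathlib import Path

# Leading bytes ("magic") each document type should start with. Assumption of
# this example: an encrypted copy no longer carries the signature its extension promises.
OLE, ZIP = b"\xd0\xcf\x11\xe0", b"PK\x03\x04"
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP, ".doc": OLE, ".xls": OLE, ".ppt": OLE}

def header_contradicts(name: str, head: bytes) -> bool:
    """True when the extension names a known type but the header does not
    match it. Extensions not in MAGIC are never judged."""
    sig = MAGIC.get(Path(name).suffix.lower())
    return sig is not None and not head.startswith(sig)

def scan_tree(root: Path) -> list:
    """Recurse below root and collect files whose first bytes contradict their extension."""
    hits = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        with p.open("rb") as fh:
            head = fh.read(8)
        if header_contradicts(p.name, head):
            hits.append(p)
    return sorted(hits)

def write_csv(hits: list, root: Path) -> str:
    """CSV of (relative path, size) for whoever restores the files from backup."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["relative_path", "size_bytes"])
    for p in hits:
        w.writerow([p.relative_to(root).as_posix(), p.stat().st_size])
    return buf.getvalue()

def demo() -> str:
    """Constructed sample tree: intact, 'encrypted', and unknown-type files."""
    root = Path(tempfile.mkdtemp())
    garbage = bytes((i * 37 + 11) % 256 for i in range(64))  # stands in for ciphertext
    (root / "ok.pdf").write_bytes(b"%PDF-1.4 constructed")
    (root / "ok.docx").write_bytes(ZIP + b"constructed")
    (root / "q1").mkdir()
    (root / "q1" / "budget.xlsx").write_bytes(garbage)
    (root / "q1" / "scan.jpg").write_bytes(garbage)
    (root / "notes.txt").write_bytes(b"unknown type, never judged")
    return write_csv(scan_tree(root), root)
```

Files of a type the table does not know are left alone rather than guessed at, so the CSV lists only files whose damage the check can actually see.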


  • http://internet.underceej.co.uk The Ceej

    This isn’t new. This has been around for years. Someone changes the name and suddenly it makes front page news? I call shenanigans. What’s the story that belongs on the front page that this is distracting us from?

  • Nicole

    The CryptoLocker demand window says the key is stored on a private server on the internet. Why don’t you try to find the server?

  • Daniel Grothe

    If anyone is that stupid enough to get the virus on their computer, they deserve to pay $100.

    • HFC

      It’s coming through the IP phone networks now as a notice of you having a voice mail. No attachments…no content. You obviously don’t know a whole lot about viruses in general.

  • Bill

    Really believe I would contribute $$ to the fund that eradicates these guys. Suppose we put a contract on them!

  • http://www.yahoo.com.sa Rai

    This virus was running on my user’s system. At that time I shut down the system and the virus prompt was gone, but my user’s files are damaged: docx, xlsx, ppt, pdf.
    I tried a restore point, but it is not working properly.

    My user was tracking in FedEx;
    at that time it affected my user’s system totally, even mapped drives were encrypted.
    I have Symantec antivirus, but Symantec did not detect the virus.
    I’m an IT admin in a company. How can I replace the damaged files? I don’t have a backup and I don’t have the CryptoLocker prompt.

    Please help me.

  • apctech

    I started seeing machines with this a couple of weeks ago. In my experience you cannot use a computer without an active backup unless you are willing to lose your data. There are just too many scenarios that threaten data, such as hard drive failure or ransomware like this. Back up your data, people!

    • Ripeka

      Got hit by this virus on a local computer, which then spread it to our networked server where it encrypted everything. We thought we had a backup to restore from but unfortunately, our IT people could not provide an adequate backup after all. We ended up paying the fee and getting files unencrypted. Had to completely reformat the initially infected computer, but the network files appear to have been unencrypted without further problem. Lesson: you need TWO external backups in case the one you have fails at the crucial point. It was a VERY stressful week, and we still feel angry that we ended up with no choice but to pay the bastards.

  • Graham

    It’s always a very good general rule not to click on links in emails or open attachments that you don’t know about! I will only do that on my home system – it’s Linux, and such a virus, although not impossible, is very unlikely due to the security setup of Linux. A friend of mine always clicks on links in emails (I have told him many times, lol) and he has had his PC rebuilt 4 or 5 times last year (2013)! He uses Windows, of course!

  • http://pasteht.ml phillips1012

    > “It will disguise itself as JPEG images, as PDF files, as Microsoft Office files”

    Umm, no, that’s impossible due to NT/DOS’s kernel… What it really does is take advantage of the fact that Windows Explorer, by default, hides file extensions when it thinks they’re not needed, and unfortunately Windows executables are one of them.
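The mechanism the comment above describes, shown as an added example (editor's code, not the commenter's and not part of the original post): a mail-gateway style name check that models Explorer's default extension hiding and flags an executable wearing a document extension as a decoy. The executable and decoy extension lists and the sample attachment names are assumptions constructed for the example.

```python
from typing import Optional

# Extensions Windows treats as programs or scripts (list assumed for this example).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}
# Extensions a recipient reads as a harmless document or picture.
DECOY = {".pdf", ".jpg", ".jpeg", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}

def split_ext(name: str):
    """Return (stem, lowercase final extension); the extension is '' when there
    is none or when the name is only an extension, such as '.bashrc'."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, "." + ext.lower()

def explorer_display_name(name: str) -> str:
    """What Explorer shows under its default 'hide extensions for known file
    types' setting: the final extension is dropped, so 'invoice.pdf.exe'
    renders as 'invoice.pdf' and looks like a PDF."""
    stem, ext = split_ext(name)
    return stem if ext else name

def attachment_verdict(name: str) -> Optional[str]:
    """Reason to quarantine the attachment, or None when the name is unremarkable.
    A check like this belongs on the mail gateway, where the full name is visible."""
    stem, ext = split_ext(name)
    if ext not in EXECUTABLE:
        return None
    _, inner = split_ext(stem)
    if inner in DECOY:
        return "executable disguised as %s (shows as '%s')" % (inner, explorer_display_name(name))
    return "executable attachment"

# Constructed sample attachment names in the style of the shipping-notice lures
# the article describes; none of these is a real sample.
SAMPLES = ["FedEx_Tracking_Details.pdf.exe", "UPS_Shipping_Label.JPG.scr",
           "invoice_oct2013.docx", "photo.jpg", "setup.exe", "README"]

def triage(names) -> dict:
    """Map each name to its verdict; None means nothing suspicious about the name."""
    return {n: attachment_verdict(n) for n in names}
```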

  • msnyc10

    Time to start executing hackers like this publicly.