One of my friends had all of their files locked by CTB Locker. All common files, such as Word and Excel documents, are encrypted, and you will see an information bar on the desktop like the one in the image above.
Now you have two choices:
1. Pay the money to decrypt your files.
2. Get help from experts to save your important data, or lose everything.
What is CTB Locker?
As the CryptoWall (and its previous iteration CryptoLocker) malware has shown, the bar for exploits and potentially damaging payloads continues to rise. CTB-Locker (PDF) -- the next in a growing trend of data-encrypting ransomware that is currently making the rounds around the web -- is infecting enterprise and consumer stations. The virus, upon infection, scans the computer and encrypts data based on file-types, targeting many types of files used in the enterprise, such as .PDF, .XLS, and .PPT to name a few. Upon encrypting the files, the virus will create a .TXT and .HTML file with instructions on how to obtain the decryption key, which will be available after paying the ransom stated (up to 3BTC). The decryption key will only be valid for up to 96 hours; after that time, the server will delete the decryption key, and the files will remain encrypted.
How does it infect a computer?
Infection has been traced primarily back to spam containing the malware as an attachment in a .ZIP file. When this attachment is opened, it creates a copy of itself in the %Temp% folder. Upon launching, it injects malicious code into the svchost.exe process of a Windows computer which, in turn, creates a scheduled task pointing to the file located in the %Temp% folder so that it runs on startup. A mutex (i.e., a program object that allows shared resources to be used, but not simultaneously) is created to ensure that only one instance of the malware will run at any given time. The code injected into svchost.exe is the same code that encrypts the data on the computer based on file types.
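The persistence step described above (a scheduled task that starts a file from the %Temp% folder at startup) can be checked for in exported Task Scheduler XML definitions. The following is an added example, not part of the original post; the temp-path patterns and the two sample task definitions are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed patterns for commands that resolve to a temp folder.
TEMP_RE = re.compile(
    r"%te?mp%|\\appdata\\local\\temp\\|\\windows\\temp\\", re.IGNORECASE)
STARTUP_TRIGGERS = ("BootTrigger", "LogonTrigger")


def audit_task(xml_text):
    """Return a finding if the task starts a temp-folder file at boot/logon."""
    root = ET.fromstring(xml_text)
    commands = [(e.text or "").strip().strip('"')
                for e in root.findall("t:Actions/t:Exec/t:Command", NS)]
    temp_cmds = [c for c in commands if TEMP_RE.search(c)]
    triggers = [name for name in STARTUP_TRIGGERS
                if root.find(f"t:Triggers/t:{name}", NS) is not None]
    if temp_cmds and triggers:
        return {"commands": temp_cmds, "triggers": triggers}
    return None


# Constructed sample task definitions (not taken from a real infection).
SUSPICIOUS = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Users\alice\AppData\Local\Temp\example.exe</Command>
  </Exec></Actions>
</Task>"""
BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Program Files\Vendor\updater.exe</Command>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, "->", audit_task(xml_text))
```

Task definitions in this format can be exported on Windows with `schtasks /query /xml`; a hit is a lead for review, since some legitimate installers also run from temp folders.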
How to protect your data from CTB Locker?
1. One of the most important tasks is to back up your data regularly. There are some common methods that you should consider:
- Compress your files with a password.
- Manually copy files to a safe place (a USB hard drive, for example).
- Use system functions such as System Recovery for Windows or Time Machine for Mac.
- Use cloud storage with a sync feature, such as Dropbox (Free 5GB to 18GB), Google Drive (Free 15GB), or Baidu Drive (Free 5GB to 2TB).
How to recover your encrypted files?
CTB Locker has grown day by day and has many variants, so there is no single best solution for all cases, but the methods below are worth trying:
- Restore files that were deleted by CTB Locker.
- Find the private key to unlock your files by uploading to this website: https://www.decryptcryptolocker.com/
- Use the decryption tools from Kaspersky: RakhniDecryptor, RectorDecryptor
Here are some images of the CTB Locker message on the desktop: