CryptoLocker is a virus that can destroy files on Windows based PCs beyond the ability of any data recovery process. Usually the virus hides in an attachment to a message stating that files on the computer are encrypted and that recovery is impossible without the encryption key held by the attackers. The files then are released after an exchange for a payment. The attachment looks like a harmless PDF file so that the user is fooled and will open the file. Once Crypotolocker is opened, it targets many files with different extensions and then encrypts them by using a public key and then makes a record of the file in the Windows registry under HKEY_CURRENT_USER\Software\CryptoLocker\Files. It then states that the user’s files have been encrypted and that they must pay hundreds of dollars to the creator of the virus.
Even if you pay the required fee, there is no guarantee that your files will be decrypted and restored back to its original state. In order to protect yourself from Crytolocker’s harm, make sure you are using an antivirus software and that it’s updated regularly to keep it up-to-date. Make sure you also back up all of your data in a form that’s disconnected from your computer. Crytolocker can also encrypt files on an USB drive that is connected to a computer. One of Crytolocker’s main forms of attack is through email so avoid opening any email attachments from unknown or suspicious sources. This includes emails from banks, financial institutions, courier companies or from Companies House. To check whether Cryptolocker is already on your computer, you can run Malwarebytes Anti-Malware to scan and remove it. If Crytolocker has already encrypted your files, unfortunately, it’s too late to recover your files and the only chance to get them back is to pay the demand and to hope that your files will be decrypted.