Mobile Computer Services are warning all our clients about the latest ransomware, CryptoLocker. It encrypts your data, and at present infected computers CANNOT be decrypted.

Please see below for information about this latest version.

What is CryptoLocker?

CryptoLocker is a program released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8.

This program will encrypt certain files using a mixture of RSA and AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $200 USD or $400 USD in order to decrypt the files.

This screen will also display a timer stating that you have 96 hours to pay the ransom or it will delete your encryption key and you will have no way to decrypt your files.

This ransom can only be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will start to decrypt the files that it encrypted.



How do you become infected with CryptoLocker?

This ransomware infection is typically spread through emails sent to company email addresses that pretend to be about customer support issues from Australia Post, FedEx, UPS, etc. These emails contain a zip attachment that, when opened, infects the computer.

These zip files contain executables that are disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open them.

What should you do when you discover your computer is infected with CryptoLocker?

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent the ransomware from further encrypting any files. Reports say that once the network connection is disconnected, it will display the CryptoLocker screen.

It is important to note that the CryptoLocker infection spawns two processes of itself. If you terminate only one process, the other process will automatically relaunch it.

Is it possible to decrypt files encrypted by CryptoLocker?

At this time there is NO WAY to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key.

Newer variants of CryptoLocker will attempt to delete the Shadow Copies, but this is not always successful. If you need more information about how to restore your files via Shadow Volume Copies, please call us immediately on 6552 7611.

If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.

Known Bitcoin Payment addresses for CryptoLocker

CryptoLocker allows you to pay the ransom by sending 2 bitcoins to an address shown in the decryption program. Bitcoins are currently worth over $200 USD on some Bitcoin exchanges.

The cost of the key remains 2 bitcoins if you're within the standard 72-hour time frame, but if that has expired the price jumps to 10 bitcoins. At 10 bitcoins the ransom payment is over $2,000 USD.

This is a very clever program that will lock down everything on your computer, including external drives mapped to it. All of the antivirus companies report they still have NO SOLUTION for an infected computer.

Restoring and/or using a backup is the only way of getting your data back. We can help you to back up your data and put in place prevention methods to keep this program from running. Once infected, it cannot be removed without paying the ransom or formatting and restoring your old data.

Formatting and reinstalling the operating system can be done easily, and your backed-up data is then migrated back to your system. This can be a time-consuming process, depending on how much data you have; however, it will work. Prevention is better than the cure in all cases.

Please contact us immediately on 6552 7611 if you believe you have become infected with any ransomware program or if you need help backing up your data and programs.

