This article is about specific ransomware software called CryptoLocker. For other similar software, some using the CryptoLocker name, see Ransomware § Encrypting ransomware.
CryptoLocker
Classification: Trojan horse
Type: Ransomware
Subtype: Cryptovirus
Isolation: 2 June 2014
Operating system(s) affected: Windows
The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running Microsoft Windows,[1] and was believed to have first been posted to the Internet on 5 September 2013.[2] It propagated via infected email attachments, and via an existing Gameover ZeuS botnet.[3] When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displayed a message which offered to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) was made by a stated deadline, and it threatened to delete the private key if the deadline passed. If the deadline was not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content.
Although CryptoLocker itself was easily removed, the affected files remained encrypted in a way which researchers considered unfeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.
CryptoLocker was isolated in late May 2014 via Operation Tovar, which took down the Gameover ZeuS botnet that had been used to distribute the malware.[4] During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was in turn used to build an online tool for recovering the keys and files without paying the ransom. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the trojan. Other instances of encryption-based ransomware that have followed have used the "CryptoLocker" name (or variations), but are otherwise unrelated.
[1] Reference "ars-cryptolocker" is cited but not defined on this page.
[2] Kelion, Leo (24 December 2013). "Cryptolocker ransomware has 'infected about 250,000 PCs'". BBC. Archived from the original on 22 March 2019. Retrieved 24 December 2013.
[3] "CryptoLocker". Archived from the original on 14 September 2017. Retrieved 14 September 2017.
[4] "'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge – Krebs on Security". 2 June 2014. Retrieved 5 September 2023.