Linda from New York asks,
I have been receiving Steve’s tips for about 15 years and I am sure this has been addressed but I don’t know when. I have a ctb-locker virus and I would like to know how you would handle it.
Hi Linda, thanks for being such a loyal reader!
CTB locker is a nasty piece of ransomware, and infections are currently on the rise. It is most often sent in spam emails with attachments, similar to the one below. It has also shown up in fake messages that appear to warn you that Google Chrome is out of date. This is where we once again give the advice to NEVER click on attachments from emails you don’t recognize.
The malware will encrypt your files and won’t let you into those files unless you pay the ransom. It will copy itself into the %temp% folder with a random, 7-character name, and set up a scheduled task to execute itself at system startup. Once files are encrypted, you’ll get a pop-up that gives you a countdown and demands a ransom in bitcoins. It seems the ransoms are for 2-3 bitcoins, which is equal to up to $750 US! The malware also changes your background image to show the same ransom warning.
The issue is that this is not a joke or a scam, and the files are truly encrypted. Once encrypted, there is not a lot that you can do to recover the files. We certainly don’t advise paying the ransom, as that will just finance further operations by the creators and doesn’t even guarantee your files will be decrypted. After all, you are relying on the trustworthiness of the creators of a major form of malware!
First things first, you need to run a malware scanner and antivirus scanner if you find yourself infected. Make sure to remove any infected items it finds. However, even after the infection is removed, the files are still encrypted. There are a few methods you can try to get your files back.
First, and best, restore from a recent backup. Hopefully, you keep a regular backup of all your files. In the case of this infection, this is the best, and possibly only, way to recover your files.
You may also find success with a system restore, if this is set up on your computer. Remember, this will restore to a previous state, so if you’d made some major changes before this restore point, you may lose some of your data. You may also find some success with previous versions of files. But keep in mind, CTB locker will attempt to erase these files as well, so you may not be able to do this with all your files.
Of course, prevention is the key to avoiding all this headache. Here are some tips to avoid infection:
- Avoid unsolicited links or attachments in emails.
- Use caution when dealing with unfamiliar files and websites.
- Only download software from official websites.
- Keep operating systems, antivirus, and antimalware software up to date.
- Perform regular backups of your files and system.
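
For readers comfortable with a little scripting, here is a triage check for the persistence described earlier (a copy in %temp% with a 7-character name, plus a scheduled task that runs at startup). It is an added example, not part of the original column, and it scans the output of `schtasks /query /fo csv /v`. The `.exe` extension, the alphanumeric name pattern, the English-locale schedule wording and the sample rows are assumptions.

```python
import csv
import io
import re

# Assumption: the dropped copy is a 7-character alphanumeric name ending in .exe
# under a Temp directory (the column only says "random, 7-character name" in %temp%).
TEMP_EXE = re.compile(r"(?:%te?mp%|\\temp)\\([a-z0-9]{7})\.exe\b", re.IGNORECASE)
# Schedule types that run a task at boot or logon (English-locale schtasks wording).
STARTUP_TYPES = {"at system start up", "at logon time"}

# Constructed sample, trimmed to three columns of `schtasks /query /fo csv /v`.
# The header row repeats once per task folder in real exports.
SAMPLE_CSV = r'''"TaskName","Task To Run","Schedule Type"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o","Weekly"
"TaskName","Task To Run","Schedule Type"
"\qhvkzta","C:\Users\user\AppData\Local\Temp\qhvkzta.exe","At system start up"
"\GoogleUpdateTaskUser","C:\Users\user\AppData\Local\Temp\GoogleUpdateSetup.exe /ua","At logon time"
"\NightlyCleanup","%TEMP%\cleanup.exe","Daily"
'''


def find_temp_startup_tasks(csv_text):
    """Return (task name, executable, schedule type) for each startup or logon
    task whose action is a 7-character .exe inside a Temp directory."""
    hits = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        if row["TaskName"] == "TaskName":  # repeated header row, skip it
            continue
        match = TEMP_EXE.search(row["Task To Run"])
        runs_at_startup = row["Schedule Type"].strip().lower() in STARTUP_TYPES
        # Both conditions are required: a Temp path alone (NightlyCleanup) or a
        # startup trigger alone (GoogleUpdateTaskUser) is not flagged.
        if match and runs_at_startup:
            exe_name = match.group(0).split("\\")[-1]
            hits.append((row["TaskName"], exe_name, row["Schedule Type"]))
    return hits


if __name__ == "__main__":
    for name, exe, schedule in find_temp_startup_tasks(SAMPLE_CSV):
        print(f"review task {name!r}: runs {exe} ({schedule})")
```

A hit is a lead to review, not proof of infection, since legitimate installers sometimes run from Temp too.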