Popular Virus Removal Tool

Monday, December 8, 2014

How to Decrypt files locked by CTB Locker or Critroni?

Who wants to know about CTB Locker or Critroni?

CTB Locker is short for Curve-Tor-Bitcoin Locker or is known for Critroni, which is deemed as a file-encrypting ransomware that began to mess up computer files in the middle of July 2014. It targets at all versions of windows, Windows XP, Windows Vista, Windows7 and Windows 8 included. Like Cryptolocker and kit, CTB Locker aims at encrypting files to threat victims for a ransom. What different between CTB Locker and Cryptolocker is that CTB Locker uses the newest technologies like elliptical curve cryptography and the malware communicating with the command and the Control server over Tor.

What happens after being infected with CTB Locker?

Once CTB Locker gets on your PC, it will store itself in the %Temp% folder as a ransom called executable. It will scan your computer automatically just after you log in the windows. Its targets are so obvious that it scans all drives for data files and encrypt them to make them no longer accessible. Any drive letters on your PC like mapped dirves, removal drives and mapped network shares will be infected. Any encrypted file has its file extension changed to CTB or CTB2. Then a ransom screen will pop up to state that your data is encrypted and prompts you to follow the instructions on the screen to learn how to purchase and pay the ransom. The ransom amount is $120 USD which is averaged.

Do you stand any chance to restore the files encrypted by CTB Locker?

Yes. You do stand a few chance to restore the files.

Antidote 1: Backups

To restore your data, the very first and best antidote is to restore them from a recent backup. You can use the backups to restore your data if the backups have been performing.

Antidote 2: Files Recovery software

It’s found that CTB Locker will make a copy of the files before it encrypt them. Of course, it ruins the original ones after finishing the encryption. You may stand a chance to use a file recovery software to recover some of your original files.

What should you do when you are infected with CTB Locker? 

It’s no need to be panic when you discover your computer is attacked by CTB Locker. What you should do and very important is that you should scan your PC with an antivirus program. Unfortunately, most of the computer users have no awareness of the appearance of CTB Locker till the ransom screen displays and all your files are encrypted. You should keep this in mind: the antivirus scan, though, will at least detect and remove the infection out of your computer to stop it starting to scan when you log into Window.

Now Download and Install Spyhunter to detect and block CTB Locker.

1) Click here or the icon below to download SpyHunter automatically.

2) Follow the instructions to install SpyHunter
  spyhunter run

spyhunter setup

spyhunter setup

Step B. Run SpyHunter to block it

Run SpyHunter and click "Malware Scan" button to scan your computer, after detect this unwanted program, clean up relevant files and entries completely.

 spyhunter3 scan

Step C. Restart your computer to take effect.

You deserve to know:

Antivirus program like Spyhunter not only does its job to help you remove CTB Locker or Critroni, it also can do you a big favor - detect CTB Locker or Critroni and protect your data files from all being encrypted before the ransom screen pops up. Download and Install Spyhunter scanner for free.