The CryptoLocker3 Ransomware, despite its name, is not associated with the famous Cryptolocker Ransomware family. The operation involving the CryptoLocker Ransomware has been inactive for many months, but threat authors still try to take advantage of this threat’s reputation. The CryptoLocker3 Ransomware appears to be no different, and it also uses a lock screen that is slightly similar to the one used by most versions of CryptoLocker. All files that the CryptoLocker3 Ransomware locks will have their original extension changed to ‘.cryptolocker’ (e.g. ‘spreadsheet.xlsx’ will become ‘spreadsheet.xlsx.cryptolocker’). Instead of leaving a traditional text-based ransom note, the CryptoLocker3 Ransomware takes advantage of the ‘.hta’ file format, which is usually associated with the Globe Ransomware. The ‘.hta’ ransom note is displayed automatically when the encryption is complete, and it informs users that their most valuable data has been locked securely with the assistance of a strong encryption algorithm. Then, it tells users how to purchase 0.5 Bitcoin and send it to a private Bitcoin wallet address that is only known by the victim and the attacker. The window also displays a ‘Wallet Balance’ field which, according to the author, checks the balance of the Bitcoin wallet automatically, and if it detects a 0.5 Bitcoin transaction the users will be allowed to decrypt their data. The last piece of the CryptoLocker3 Ransomware’s ransom message is a ‘Show Files’ button that allows the victim to see a complete list of the files that were encrypted by the crypto-threat.
Although the CryptoLocker3 Ransomware is not linked to the original CryptoLocker, this does not mean that the threat is not equally threatening. There’s no information whether a free decryptor for the CryptoLocker3 Ransomware will be available, and victims of this threat may end up with a large number of encrypted files that are nearly impossible to restore unless they can get the original copies recovered from a backup. One of the surprising things about the CryptoLocker3 Ransomware is the small list of file extensions it encrypts – documents, images, PDF files, and spreadsheets are its only targets.
The ransomware trend among threat authors is still gathering pace, and that’s why all computer users should take extra security and preventive measures to stop ransomware attacks. Using a reputable anti-malware software suite to keep you safe while browsing the Web is the first thing you should do, and users who store valuable data on their computer should also consider taking advantage of backup services to have reserve copies of their most important files. This way, even if a ransomware attack succeeds, they’ll be able to restore the encrypted files without sending money to cyber crooks. If you have already been infected with the CryptoLocker3 Ransomware, then you should use an anti-malware tool to cure the infection immediately. Then, it is recommended to attempt to recover some of your files with the assistance of 3rd-party file recovery utilities or via System Restore.