The newest variants of CTB Locker typically appends encrypted data files with a 6-7 length extension consisting of random characters
. This extension is believed to be generated as a result of some type of algorithm involved at the time of the initial infection. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder
, Torrent Locker
(fake Cryptolocker) or Cryptowall
ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.
A repository of all current knowledge regarding this infection is provided by Grinler
(aka Lawrence Abrams
), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ
There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion
. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.
The BC Staff