The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters
. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder
(fake Cryptolocker) or CryptoWall
ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.
A repository of all current knowledge regarding this infection is provided by Grinler
(aka Lawrence Abrams
), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ
There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion
. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.
To avoid confusion, I have asked a Moderator to close this topic.
Edited by Alexstrasza, 15 April 2015 - 03:48 AM.