Cryptolocker 1.0.0 Ransomware

Cryptolocker 1.0.0 Ransomware Description

The Cryptolocker 1.0.0 Ransomware is a ransomware Trojan that originated in Turkey and was created by a programmer known as 'Alp.' It is an upgrade of CryptoLocker, a well-known ransomware Trojan that was first observed in 2013. This ransomware Trojan was in development through the end of 2015, when its development was interrupted. Apparently, the Cryptolocker 1.0.0 Ransomware is part of an effort to resume development of this well-known threat. The Cryptolocker 1.0.0 Ransomware uses RSA-2048 encryption, strong obfuscation, and different packaging and a different interface to carry out an effective ransomware attack.

How the Cryptolocker 1.0.0 Ransomware may Infect a Computer

The Cryptolocker 1.0.0 Ransomware is being distributed using social engineering techniques and corrupted email attachments. The Cryptolocker 1.0.0 Ransomware project was observed on GitHub and seems to be distributed as a PDF file that claims to be a job application or other legitimate file. Once the file is opened, the Cryptolocker 1.0.0 Ransomware infects the victim's computer, encrypting files on all local hard drives, external memory devices connected to the infected computer, and directories shared on a network. The Cryptolocker 1.0.0 Ransomware will encrypt the following file types during its attack:

.odt , .ods , .odp , .odm , .odc , .odb , .doc , .docx , .docm , .wps , .xls , .xlsx , .xlsm , .xlsb , .xlk , .ppt , .pptx , .pptm , .mdb , .accdb , .pst , .dwg , .xf , .dxg , .wpd , .rtf , .wb2 , .mdf , .dbf , .psd , .pdd , .pdf , .eps , .ai , .indd , .cdr , .jpg , .jpe , .dng , .3fr , .arw , .srf , .sr2 , .bay , .crw , .cr2 , .dcr , .kdc , .erf , .mef , .mrwref , .nrw , .orf , .raf , .raw , .rwl , .rw2 , .r3d , .ptx , .pef , .srw , .x3f , .der , .cer , .crt , .pem , .pfx , .p12 , .p7b , .p7c , .c , .cpp , .txt , .jpeg , .png , .gif , .mp3 , .html , .css , .js , .sql , .mp4 , .flv , .m3u , .py , .desc , .con , .htm , .bin , .wotreplay , .unity3d , .big , .pak , .rgss3a , .epk , .bik , .slm , .lbf , .sav , .lng , .ttarch2 , .mpq , .re4 , .apk , .bsa , .cab , .ltx , .forge , .asset , .litemod , .iwi , .das , .upk , .bar , .hkx , .rofl , .DayZProfile , .db0 , .mpqge , .vfs0 , .mcmeta , .m2 , .lrf , .vpp_pc , .ff , .cfr , .snx , .lvl , .arch00 , .ntl , .fsh , .w3x , .rim , .psk , .tor , .vpk , .iwd , .kf , .mlx , .fpk , .zip , .vtf , .001 , .esm , .blob , .dmp , .layout , .menu , .ncf , .sid , .sis , .ztmp , .vdf , .mcgame , .fos , .sb , .im , .wmo , .itm , .map , .wmo , .sb , .svg , .cas , .gho , .iso , .rar , .syncdb , .mdbackup , .hkdb , .hplg , .hvpl , .icxs , .itdb , .itl , .mddata , .sidd , .sidn , .bkf , .qic , .bkp , .bc7 , .bc6 , .pkpass , .tax , .gdb , .qdf , .t12 , .t13 , .ibank , .sum , .sie , .sc2save , .d3dbsp , .wmv , .avi , .wma , .m4a , .7z , .torrent , .csv , .cs , .jar , .java , .class.

The files that have been encrypted using the Cryptolocker 1.0.0 Ransomware Trojan will have the comment 'LOCKED File' added to the file's properties. The names and extensions of the affected files will remain the same, but their icon will become the icon for the default Text Editor. The Cryptolocker 1.0.0 Ransomware uses a ransom note that is displayed in a pop-up window that uses red and blue coloring and is named the Cryptolocker 1.0.0 Ransomware. The Cryptolocker 1.0.0 Ransomware ransom note contains the following text (originally in Turkish):

'Personal files
Photos and important files on the computer, videos, Documents, etc. were encrypted with a unique RSA-2048 key
RED [BUTTON]
- If you choose the RED, there are no copies. Goodbye to everything you have! We will delete your files.
Blue [BUTTON]
- If you take BLUE the story is better. I have the KEY with me. You can get rid of the Trojan and sleep comfortably.
Send me an email with the "Send Mail" button and save your files.
SEND MaiL'

Clicking the RED button will delete all the encrypted files, so caution is paramount.

Dealing with the Cryptolocker 1.0.0 Ransomware

If your computer is infected with the Cryptolocker 1.0.0 Ransomware, ignore the ransom note and refrain from paying the Cryptolocker 1.0.0 Ransomware ransom. Instead, PC security researchers advise computer users to restore their files from a backup copy. Future infections also can be prevented with the help of a reliable, fully updated anti-malware application.

Aliases: Win32/Trojan.33a [Qihoo-360], Trojan/Bitman.w [Jiangmin], TR/Injector.502272.6 [Avira], Trojan[Ransom]/Win32.Bitman [Antiy-AVL], Ransom:Win32/Tescrypt.A [Microsoft], Artemis!E78654D43FCF [McAfee], Trojan.Win32.Ransom.fo [Baidu-International], a variant of Win32/Injector.BXSI [ESET-NOD32], Trojan.Win32.Qudamah.Gen.2 [Tencent], Trojan.Win32.Injector [Ikarus], W32/Bitman.FO!tr [Fortinet], Inject2.BWZN [AVG], Troj/Ransom-AST [Sophos], Trojan.AVKill.36611 [DrWeb] and TrojWare.Win32.Ransom.Bitman.~NS [Comodo].

Technical Information

File System Details

Cryptolocker 1.0.0 Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Microsoft\Crypto\sysgop.exe 276,883 3c282af747b4f70340dca3170d55ae29 245
2 %APPDATA%\Microsoft\Crypto\sysjar.exe 404,513 eb2cde846127106689d14afe7911bcec 150
3 %WINDIR%\System32\документы для подписи на 29.02.2016.doc.exe 354,074 132053c1f40d453bd95a253262ce588f 39
4 %APPDATA%\Microsoft\Crypto\syspoz.exe 237,400 1b21b27589ddc173ba795213e108a096 37
5 %APPDATA%\Microsoft\Crypto\sysras.exe 220,726 881f86bf4bb4b9f0e993b2853a0a27cf 36
6 %TEMP%копия_решения_суда.doc.exe 430,080 fd62baf8514ca7e54911819e0f724ada 18
7 %USERPROFILE%\??? ?????????\Downloads\Резюме.doc.exe 493,568 12303bbfe7194fd4f0070cd4d1005209 8
8 КЫРГЫЗ РЕСПУБЛИКАСЫ сейчас КЫРГЫЗСКАЯ РЕСПУБЛИКА.docx.exe 545,454 acf9873c86e35b9bee0db158befe8163 7
9 %USERPROFILE%\??? ?????????\Downloads\8397022-Шестидесантник. Евг. Евтушенко.doc.exe 1,614,336 29948b3441657f007831e1eba1bf88d9 6
10 %USERPROFILE%\Desktop\????? ?????\план части.docx.exe 305,099 bac4daf1ba563a5fdd01691441cedc9b 6
11 %SystemDrive%\8d57c76f\8d57c76f.exe 171,008 b2cd3654231a0ba47e405bc99edfc736 5
12 %USERPROFILE%\??? ?????????\????????\8455755-Книга Фaльшивый Фауст, автор Маргер Заринь.doc.exe 1,536,512 c44f453fd29b7453e8d576445c18fe40 2
13 %WINDIR%iqosaqop.exe 465,920 00cb45c4efd4053cef8bb8567dc0638e 2
14 %WINDIR%ufegapoj.exe 286,720 fe45e7e6c10b4671514182a2809b7d02 2
15 %APPDATA%uixjlub.exe 502,272 e78654d43fcfeaf6c1c06b3ce4bb3712 2
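
A defender-side triage check for two patterns visible in the file list above: document-style names that end in an executable extension, and executables sitting directly in %APPDATA%\Microsoft\Crypto, a per-user directory Windows uses for key storage. This is an added example, not code from the original page; the extension sets, function names and sample paths are constructed assumptions.

```python
import re

# Document-style extensions a lure imitates, and extensions Windows will run.
# Both sets are assumptions for this example; extend them for your environment.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt", ".jpg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

# An .exe placed directly in %APPDATA%\Microsoft\Crypto, expanded or unexpanded.
CRYPTO_DIR_EXE = re.compile(
    r"(?:%appdata%|\\appdata\\roaming)\\microsoft\\crypto\\[^\\]+\.exe$"
)

def suffixes(path):
    """Lower-cased extensions of the file name, padding spaces stripped."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return ["." + part.strip() for part in name.split(".")[1:]]

def classify(path):
    """Return the reasons (possibly none) a path matches the dropper patterns."""
    reasons = []
    ext = suffixes(path)
    if len(ext) >= 2 and ext[-1] in EXEC_EXTS and ext[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    if CRYPTO_DIR_EXE.search(path.lower()):
        reasons.append("exe-in-crypto-dir")
    return reasons

def scan(paths):
    """Map each flagged path to its reasons; unflagged paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}

# Constructed sample paths (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\resume.doc.exe",
    r"C:\Users\alice\Desktop\invoice.pdf     .exe",
    r"%APPDATA%\Microsoft\Crypto\sysabc.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-0\keyfile",
    r"C:\Users\alice\Documents\report.final.docx",
    r"C:\Tools\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_PATHS).items():
        print(f"{', '.join(reasons):<20} {path}")
```

A hit is a triage lead for an analyst to follow up, not proof of infection.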