CryptoLocker3 Ransomware

By GoldSparrow in Ransomware

The Cryptolocker3 Ransomware, also known as Pclock, poses as a CryptoLocker variant and encrypts the data on the victim's PC using an XOR encryption method. The name Pclock comes from a project name that threat analysts found in the Cryptolocker3 Ransomware's executable code. Once the Cryptolocker3 Ransomware is installed, it scans the victim's files in search of certain file extensions and encrypts the files it finds using its encryption engine. After encrypting the victim's files, the Cryptolocker3 Ransomware displays its ransom note, which includes a 72-hour timer. The Cryptolocker3 Ransomware demands the payment of 1 BitCoin (approximately $840 USD at the current exchange rate) in exchange for the decryption key. Fortunately, there is a decryption utility available that can help computer users recover from a Cryptolocker3 Ransomware infection.

The Cryptolocker3 Ransomware Keeps Your Files Inaccessible

During the Cryptolocker3 Ransomware's encryption process, the Cryptolocker3 Ransomware creates a list of the encrypted files, which it stores in a text file named 'enc_files.txt' in the %UserProfile% location. The Cryptolocker3 Ransomware targets the following file types during its attack:

.3fr, .accdb, .ai, .arw, .bay, .cdr, .cer, .cr2, .crt, .crw, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .indd, .jpe, .jpg, .kdc, .mdb, .mdf, .mef, .mrw, .nef, .nrw, .odb, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pef, .pem, .pfx, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .raf, .raw, .rtf, .rw2, .rwl, .srf, .srw, .wb2, .wpd, .wps, .xlk, .xls, .xlsb, .xlsm, .xlsx.

The Cryptolocker3 Ransomware's corrupted executable file is located at %AppData%\WinCL\WinCL.exe. Terminating this process and deleting the Cryptolocker3 Ransomware's corrupted files does remove this threat from the infected computer but, unfortunately, the affected files will remain inaccessible. To deliver its ransom note, the Cryptolocker3 Ransomware will change the infected computer's desktop. The Cryptolocker3 Ransomware will also delete the Shadow Volume Copies of the affected files to block PC users from recovering their files using this alternate method. The Cryptolocker3 Ransomware checks its BitCoin wallet constantly and, if a payment is detected, it turns into the decryption utility and decrypts the victim's files. When victims do not pay before the timer runs out, the Cryptolocker3 Ransomware displays a text file named 'last_chance.txt' that claims that the victim should download the threat again to have three more days for the payment. The ransom message associated with the Cryptolocker3 Ransomware infection reads:

'CryptoLocker
Your important files encryption produced on this computer: photos, videos, documents, etc.
If you see this text, but do not see the "CryptoLocker" window, then your antivirus deleted "CryptoLocker" from computer.
If you need your files, you have to recover "CryptoLocker" from the antivirus quarantine, or find a copy of "CryptoLocker" in the Internet and start it again.
You can download "CryptoLocker from the link given below.
hxxp://invisioncorp.com/au/XXXXXXXXXX
Approximate destruction time of your proviate key:
1/5/2015 12:31:45 PM
If the time is finished you are unable to recover files anymore! Simply remove this wallpaper from your desktop.'

Dealing with the Cryptolocker3 Ransomware Infection

While there may be no solution available when it comes to encryption ransomware Trojans, fortunately, there is a decryption utility that can help computer users recover their files after a Cryptolocker3 Ransomware infection. PC security analysts advise computer users to obtain the Cryptolocker3 Ransomware decryptor from their PC security provider and then decrypt the affected files. It is important, however, to use a reliable security program that is fully up-to-date to remove the Cryptolocker3 Ransomware infection itself completely. The Cryptolocker3 Ransomware is also not difficult to remove manually. As is the case with most encryption ransomware Trojans, the best protection against the Cryptolocker3 Ransomware is to have backups of all files. Having backups of files on the cloud or an external memory device can help computer users recover from an attack quickly without having to pay the people responsible for the infection.
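
The on-disk artifacts described above (the WinCL.exe executable and the 'enc_files.txt' list) can be used to confirm an infection and scope the restore from backup. The following Python sketch is an added example, not part of the original article or any vendor tool. It assumes that 'enc_files.txt' holds one Windows path per line and that the backup mirrors the drive layout; the function names and all sample paths are constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path, PureWindowsPath

# File types the page lists as targeted by the Cryptolocker3 Ransomware (Pclock).
TARGETED = set("""3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm
docx dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt
orf p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl srf
srw wb2 wpd wps xlk xls xlsb xlsm xlsx""".split())

def parse_enc_list(text):
    # ASSUMPTION: enc_files.txt holds one Windows path per line (format not documented).
    return [PureWindowsPath(s.strip()) for s in text.splitlines() if s.strip()]

def triage(user_profile, app_data, backup_root):
    """Check the two artifacts the page names, then split listed files by backup status."""
    report = {"dropper": (Path(app_data) / "WinCL" / "WinCL.exe").is_file(),
              "enc_list": False, "by_ext": Counter(), "off_list": [],
              "restorable": [], "no_backup": []}
    enc = Path(user_profile) / "enc_files.txt"
    if not enc.is_file():
        return report
    report["enc_list"] = True
    for p in parse_enc_list(enc.read_text(encoding="utf-8", errors="replace")):
        ext = p.suffix.lower().lstrip(".")
        report["by_ext"][ext] += 1
        if ext not in TARGETED:
            report["off_list"].append(str(p))  # not a listed type: review by hand
        # ASSUMPTION: backup mirrors the drive layout, C:\Users\a\x -> <backup_root>/Users/a/x
        rel = p.parts[1:] if p.anchor else p.parts
        copy = Path(backup_root).joinpath(*rel)
        report["restorable" if copy.is_file() else "no_backup"].append(str(p))
    return report

def demo():
    """Run triage() over a constructed profile; every path here is sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        prof, appd, bak = (Path(tmp) / n for n in ("profile", "appdata", "backup"))
        (appd / "WinCL").mkdir(parents=True)
        (appd / "WinCL" / "WinCL.exe").write_bytes(b"")  # empty stand-in file
        (bak / "Users" / "alice" / "Documents").mkdir(parents=True)
        (bak / "Users" / "alice" / "Documents" / "report.docx").write_bytes(b"ok")
        prof.mkdir()
        (prof / "enc_files.txt").write_text(
            "C:\\Users\\alice\\Documents\\report.docx\n\n"
            "C:\\Users\\alice\\Pictures\\cat.JPG\nC:\\Users\\alice\\notes.txt\n")
        return triage(prof, appd, bak)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the resolved %UserProfile% and %AppData% directories (or their locations inside a mounted disk image) as the first two arguments. Entries under "no_backup" are the files that depend on the decryption utility mentioned above.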
