
CryptoTorLocker2015

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: February 2, 2015
Last Seen: January 9, 2019
OS(es) Affected: Windows

Ransomware infections are among the most sophisticated threats active today. They use advanced encryption algorithms and untraceable payment systems to carry out attacks that can be devastating and very difficult to recover from if the victim has not backed up their files. Luckily, that is not the case with CryptoTorLocker2015. This low-quality ransomware uses a badly written ransom note, a static and easily traceable payment address, and encryption that is easily reversed. It is almost as if CryptoTorLocker2015 is taking advantage of the fearsome reputation of other TOR-related ransomware infections to lure its victims. Unfortunately, some computer users have been tricked into paying CryptoTorLocker2015's ransom to recover the use of their files.

CryptoTorLocker2015 is an Unusual Kind of Ransomware

It is not clear how CryptoTorLocker2015 is installed on a computer. CryptoTorLocker2015 may use typical threat delivery methods such as hiding in torrent files on file sharing networks or being distributed using spam email messages. Once CryptoTorLocker2015 is installed, it scans the affected computer and encrypts all data files it finds. Whenever CryptoTorLocker2015 encrypts a file, it adds the string '.CryptoTorLocker2015!' to the end of the file's name. For example, a file named 'photo.jpg' would become 'photo.jpg.CryptoTorLocker2015!'. CryptoTorLocker2015 also creates a text file in each folder on the affected computer. This text file, named 'HOW TO DECRYPT FILES.txt', contains CryptoTorLocker2015's ransom note. This is all typical of how similar encryption ransomware infections operate. Below is the text of the shoddily written ransom note (the grammatical and spelling mistakes appear in the original):

Your important files strong encryption RSA-2048 produces on this computer:Photos,Videos,documents,usb disks etc.Here is a complete list of encrypted files,and you can personally verify this.CryptoTorLocker2015! which is allow to decrypt and return control to all your encrypted files.To get the key to decrypt files you have to pay 0.5 Bitcoin 100$ USD/EUR.
Just after payment specify the Bitcoin Address.Our robot will check the Bitcoin ID and when the transaction will be completed, you'll receive activation,Purchasing Bitcoins,Here our Recommendations 1. Localbitcoins.com This is fantastic service,Coinbase.com Exchange,CoinJar =Based in Australia,We Wait In Our Wallet Your Transaction
WE GIVE YOU DETAILS! Contact ME if you need help My Email = information@jupimail.com AFTER YOU MAKE PAYMENT BITCOIN YOUR COMPUTER AUTOMATIC DECRYPT PROCEDURE START! YOU MUST PAY Send 0.5 BTC To Bitcoin Address: 1KpP1YGGxPHKTLgET82JBngcsBuifp3noW

When it has finished encrypting your data it will then change your wallpaper to a patchwork of images copied from other ransomware infections. If anything, it may be worth paying the ransom so you do not have to look at this wallpaper anymore.

CryptoTorLocker2015 changes the affected computer's wallpaper so that it displays the ransom note. After the ransom note, CryptoTorLocker2015 displays another alert with a password prompt. Supposedly, computer users that pay the ransom receive the password to decrypt the files. However, since CryptoTorLocker2015 does not generate network traffic, it does not receive any external information; the decrypter and password key are already embedded in its software. It is possible to bypass the password prompt and, in fact, easily decrypt the files because CryptoTorLocker2015 uses easily cracked XOR encryption.
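
The weakness of XOR encryption mentioned above, shown as an added illustration (not code from CryptoTorLocker2015 or from any decryption utility): when one key is XORed repeatedly over a file, the known header of a common file type reveals that key. The repeating-key scheme, the key, the sample data and the function names are assumptions constructed for this example; the page does not describe CryptoTorLocker2015's actual key or key length.

```python
from itertools import cycle

SUFFIX = ".CryptoTorLocker2015!"  # suffix the page says is appended to encrypted files
# First 16 bytes of every PNG: 8-byte signature, IHDR length (13), chunk type "IHDR".
PNG_HEADER = bytes.fromhex("89504e470d0a1a0a0000000d49484452")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes):
    """Recover a repeating XOR key from a known plaintext prefix.

    Returns None when no key repeats at least twice inside the prefix,
    i.e. the key is too long to confirm from this much known plaintext.
    """
    # ciphertext XOR plaintext yields the key stream for the known bytes.
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]  # shortest period that explains the whole stream
    return None


def original_name(name: str) -> str:
    """Strip the ransomware suffix to get the file's original name."""
    return name[: -len(SUFFIX)] if name.endswith(SUFFIX) else name


# Constructed sample: a PNG-like plaintext and a made-up 4-byte key (assumptions).
CONSTRUCTED_KEY = b"K3y!"
SAMPLE_PT = PNG_HEADER + b"constructed image body, not real pixel data"
SAMPLE_CT = xor_bytes(SAMPLE_PT, CONSTRUCTED_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_CT, PNG_HEADER)
    print("recovered key:", key)
    print("restored name:", original_name("photo.jpg.CryptoTorLocker2015!"))
    print("plaintext matches:", xor_bytes(SAMPLE_CT, key) == SAMPLE_PT)
```

Always run recovery attempts like this on copies of the encrypted files, so the originals remain available if a recovered key turns out to be wrong.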

How to Deal with CryptoTorLocker2015

Unlike other encryption ransomware, it is possible to recover your files easily from a CryptoTorLocker2015 infection. PC security researchers first recommend removing all traces of CryptoTorLocker2015 with the help of a reliable, fully up-to-date security application. It is then possible to decrypt your files using an easily available decryption utility. Fortunately, it is not necessary to pay CryptoTorLocker2015's ransom or risk losing your files. However, CryptoTorLocker2015 is an isolated case. Most TOR-related encryption ransomware is more sophisticated and difficult to recover from, making preventive measures extremely important to protect your data and computer.
