
Cryptolocker Italy Ransomware

By GoldSparrow in Ransomware

The Cryptolocker Italy Ransomware is a ransomware Trojan that impersonates the infamous Cryptolocker Ransomware Trojan. It encrypts files with a strong encryption algorithm and marks the files it has encrypted with the extension '.LOCKED'. The Cryptolocker Italy Ransomware demands the payment of a ransom of 250 Euros to restore the encrypted files. It seems to belong to the CryptoWall family, one of the best-known families of ransomware Trojans, and specifically to CryptoWall version 5.1, which has been responsible for numerous attacks in recent history.

Some Particularities About the Cryptolocker Italy Ransomware

The Cryptolocker Italy Ransomware is a variant of version 5.1 of CryptoWall. It uses AES-256 encryption to encrypt its victims' files, making them inaccessible. The Cryptolocker Italy Ransomware may be distributed using corrupted email attachments and other typical threat delivery methods, such as bogus files distributed over file sharing networks. A common delivery method associated with the Cryptolocker Italy Ransomware attacks is the use of phishing emails, which may be targeted at specific organizations or even individuals. This allows the con artists to take down high-profile targets, maximizing the potential revenue earned from the attack. In a typical example, the con artists obtain information about an organization's administration and then send a particular individual an email message that appears to come from someone important in the company. These messages may use a subject line such as 'Important! Read and reply immediately' and can be disguised to trick inexperienced computer users into opening a corrupted email attachment containing the Cryptolocker Italy Ransomware. Because of this, it is important that computer users who receive an unsolicited email attachment confirm it with the apparent sender in person or through a phone call.

How the Cryptolocker Italy Ransomware Carries out Its Attack

As soon as the Cryptolocker Italy Ransomware drops its corrupted executable file on the victim's computer, it will search for numerous file types and begin encrypting them. The following are some of the file types that are targeted by attacks like the Cryptolocker Italy Ransomware:

.3dm, .3ds, .3fr, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .3g2, .3gp, .3pr, .7z, .ab4, .accdb, .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt, .accde, .accdr, .accdt, .ach, .acr, .act, .adb.
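The behaviour described above, many targeted files renamed to a '.LOCKED' name in quick succession, can be turned into a simple detection rule. The following is an added example, not part of the original entry: the log format, host and process names, threshold and time window are all assumptions constructed for illustration, and the rule accepts both an appended and a replaced extension because the entry does not say which form is used.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Subset of the targeted extensions listed above; extend it from the full list.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".sql", ".pst", ".zip"}
MARKER = ".locked"  # extension named in the entry, matched case-insensitively

# Constructed rename events: timestamp host process old_path -> new_path
SAMPLE = r"""
2024-05-01T09:00:01 WS-01 invoice.exe C:\Users\a\report.docx -> C:\Users\a\report.docx.LOCKED
2024-05-01T09:00:02 WS-01 invoice.exe C:\Users\a\budget.xlsx -> C:\Users\a\budget.xlsx.LOCKED
2024-05-01T09:00:03 WS-01 invoice.exe C:\Users\a\scan.pdf -> C:\Users\a\scan.locked
2024-05-01T09:00:04 WS-02 explorer.exe C:\Users\b\notes.txt -> C:\Users\b\notes-old.txt
2024-05-01T09:30:00 WS-02 backup.exe C:\Users\b\db.sql -> C:\Users\b\db.sql.locked
"""

def parse(log):
    """Turn the constructed log format into (time, host, process, old, new) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, host, proc, rest = line.split(" ", 3)
        old, new = rest.split(" -> ")
        events.append((datetime.fromisoformat(ts), host, proc, old, new))
    return events

def is_locked_rename(old, new):
    """True when a targeted file is renamed so that it ends in the marker extension."""
    old_l, new_l = old.lower(), new.lower()
    return (new_l.endswith(MARKER) and not old_l.endswith(MARKER)
            and ntpath.splitext(old_l)[1] in TARGETED)

def detect_bursts(events, threshold=3, window=timedelta(seconds=10)):
    """Map (host, process) to the time its renames first reached the threshold."""
    recent, alerts = defaultdict(deque), {}
    for ts, host, proc, old, new in sorted(events):
        if not is_locked_rename(old, new):
            continue
        times = recent[(host, proc)]
        times.append(ts)
        while ts - times[0] > window:  # drop renames older than the window
            times.popleft()
        if len(times) >= threshold:
            alerts.setdefault((host, proc), ts)
    return alerts

if __name__ == "__main__":
    for (host, proc), when in detect_bursts(parse(SAMPLE)).items():
        print(f"{when.isoformat()} {host}: {proc} renamed files to *{MARKER} in a burst")
```

A single '.locked' rename, such as the backup.exe line in the sample, stays below the threshold and raises no alert.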

The Cryptolocker Italy Ransomware will also make changes to the infected computer's settings so that it runs automatically during start-up and can continue carrying out its attack on the victim's computer. The Cryptolocker Italy Ransomware targets Italian computer users and uses the following message to demand its ransom:

'Il tuo computer è stato infettato da Cryptolocker
Cryptolocker è un malware appartenente alla famiglia dei ransomware.
Questo virus è in grado di criptare con algoritmi asimmetrici i file della vittima.
Come faccio a ripristinare i miei documenti?
I tuoi documenti, foto, dati e altri file importanti (compresi usb, hard disk, percorsi di rete etc. ) sono stati criptati con un algoritmo asimmetrico a due chiavi, pubblica e privata.
Tutti i file sopra citati che hanno l'estensione .locked sono stati bloccati, per sbloccarli hai bisogno della chiave privata.
Come ottengo la chiave privata?
Mentre la chiave pubblica è stata salvata in una directory di sistema del tuo computer, quella privata è stata inviata sul nostro server, per ottenerla devi pagare la cifra di 250 €.
Appena l'importo sarà accreditato tramite uno dei metodi di pagamento riceverai tramite mail la chiave privata e potrai così riavere accesso ai tuoi dati
In caso contrario al termine delle 48h previste per il pagamento del riscatto la chiave privata verrà eliminata e non sarà più possibile recuperare i file.
ATTENZIONE: La rimozione di Cryptolocker non ripristina l'accesso ai file cittografati.'

Translated into English, the message reads as follows:

'Your computer is infected with cryptolocker
Cryptolocker is a malware belonging to the family of Ransomware.
This virus can encrypt the victim's files with asymmetric algorithms
How do I restore my files?
Your documents, photos, data and other important files (including USB, hard drives, network locations, etc.) have been encrypted with an asymmetric algorithm that uses two keys, public and private.
All files mentioned above that have the .locked extension have been locked; to unlock them you need the private key.
How do I get the private key?
While the public key has been saved in a system directory of your computer, the private key has been sent to our server; to get it you have to pay the amount of 250 €.
As soon as the amount is credited with one of the payment methods, you will receive by mail the private key, and regain access to your data.
Otherwise, at the end of 48h provided for the payment of the ransom, the private key will be deleted and it will no longer be possible to recover files.
CAUTION: Removing cryptolocker will not restore access to encrypted files.'


