CryptoLocker is a file encrypting ransomware.[1] It first appeared in September 2013. It was transferred using email attachments and botnets. The ransomware encrypts most files on the computer (including connected devices), using an RSA encryption.After infection Cryptolocker scan the victim’s folder structure for files matching a set of file extensions, encrypt them and display a message window that demands a ransom in order to decrypt the files.[2] Cryptolocker use RSA public-key cryptography. [3] Once it has encrypted the files, it will display a window asking for 2 bitcoin for the decryption program.[4] It will give the user 72 hours to pay the ransom.

If the user does not pay the fee in time, the ransomware will uninstall itself and ask the user to download it again. It will then ask the user for 10 bitcoin, instead of 2.[5] A program to decrypt (fix) files was later made available.[6]


  1. Goodin, Dan (October 17, 2013). "You're infected—if you want to see your data again, pay us $300 in Bitcoins". Arstechnica. Retrieved March 28, 2015.
  2. Hern, Alex (2014-06-03). "Cryptolocker: what you need to know". The Guardian. ISSN 0261-3077. Retrieved 2019-03-07.
  3. "RSA-4096 Ransomware Information". Malware Research. November 3, 2015. Retrieved March 20, 2016.
  4. Abrams, Lawrence (October 14, 2013). "CryptoLocker Ransomware Information Guide and FAQ". Bleeping Computer. Retrieved March 28, 2015.
  5. "CryptoLocker crooks charge 10 Bitcoins for second-chance decryption service". Network World. November 3, 2013. Retrieved March 28, 2015.
  6. "Decrypt CryptoLocker".