CTB-Locker is a dangerous ransomware infection that encrypts files and requires that the users of the infected computers pay for the decryption. The CTB-Locker ransomware infection is installed by a Trojan horse, which gets on the computer through insecure pornography websites and files exchange websites. You may not suspect that the computer contains a Trojan horse because the file of the infection consists of randomly selected digits; moreover, the process of the Trojan is called Adobe Flash Player 10.3 r183, and you may think that you have just installed a program that will enable you to watch videos. In order to prevent such occurrences, you should always keep the system protected by a professional malware and spyware removal tool.
Shortly after executing the Trojan, the Trojan downloads CTB-Locker, which encrypts a range of files stored in different locations. The CTB-Locker malware encrypts files bearing extensions such as .doc, .jpg, .mp4, .cer, .pem, .db, and many others. Moreover, during encryption, the infection creates three files, which are AllFilesAreLocked 1716900.bmp, DecryptAllFiles 1716900.txt, and sunlrad.html. The numbers in the file names may vary on different computers; nevertheless, the files contain messages, which are available in English and Russian, informing the user about the changes made on the computer and what further actions have to be taken.
Moreover, CTB-Lockerer disables the file explorer.exe, which ensures efficient interaction between you and the interface of the operating system. The shutdown of the processes results in the display of a black screen, which is a temporary symptom. In order to restore the Task bar, desktop icons, and other interface features, you have to reboot the computer.
It is important to note that the ransomware infection is automatically deleted as soon as your files have been encrypted, and the only threat on your PC is the Trojan horse. After rebooting the computer, you can access the Internet and download an anti-malware program so that you can remove the malicious program.
As for your encrypted files, they cannot be decrypted without a special key, which is stored on some server of the attacker. Without they key, all that you can do is pay the ransom required, the sum of which is not fixed. For example, you may be requested to pay 24 USD or some other amount of money. According to the warning, the charge has to be paid in bitcoins, which are an electronic currency generated by computers connected to a special network. There is no guarantee that after paying the sum requested you will regain access to your data, which is why it is unadvisable to pay up.
It is highly important to back up your data stored on the PC so that you can restore after encountering malicious programs such as CTB-Locker. Moreover, the computer should be protected against malware and spyware in order to minimize the risk of getting the system affected by Internet-based threats. If you have backed up your data, restore and make sure that the system is protected against CTB-Locker and other dangerous programs.