CTB Locker encryption removal process

CTB-Locker

CTB -Locker

I had another client with an encryption virus this morning. CTB Locker has been around for while but there’s a fresh new variant.

This one came in the form of an email bill from AGL electricity and looks quite authentic. As we have learned in previous blog posts about cryptolocker, the evidence of a scam is right in front of your eyes.

  1. Hovering your mouse over the email address reveals that the email didn’t come from an @agl.com.au account.
  2. You would expect a bill to be in a PDF form, not locked away in a zip file.
  3. You arent expecting a bill that high – That’s the shock factor they go for. You would immediately think it was wrong and click on the link to find their mistake.

Removal of CTB Locker

Getting rid of the virus is relatively easy. It can be done with any of the major virus removal tools.

I really love the guys at Sophos who have a company called Surfright who make HitmanPro. This is all owned by my favorite antivirus company, Sophos.

Buy HitmanPro directly from this link now!

This is an amazing program that gets ride of most of the problems I come across, including CTB-Locker and cryptolocker.

Decryption of files

To decrypt files affected by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury,Trojan-Ransom.Win32.Crybola or Trojan-Ransom.Win32.Cryakl, use the RannohDecryptor utility from Kaspersky. This has been known to be very effective but at some point you may need to find a copy of an original file plus an encrypted version so it can compare the two and figure out what the encryption key is. Places to look for original, unencrypted files include email attachments, Dropbox, USB sticks, external hard drives etc.

You can download the RannohDecryptor program from the Kaspersky website.

Recover your files from a backup

After you have removed the virus, you can restore your files from your back up. Simply follow the restore process from your backup program.


Can you help remove my ransomware?

Yes, we can remove the ransomware and assist in the recovery of your encrypted files.

Our phone number is 0414 899 254 (mobile users can click on the button to direct call) or you can make a booking online in advance.

CALL 0414 899 254 BOOK ONLINE