CTB Locker – The Professional Saboteur
Unlike regular viruses or malware that can be removed from your computer using an antivirus program, ransomware or crypto-viruses spell disaster for your files. Once this malicious program makes its way to your computer, there is no asylum from the horrors of losing your valuable data. Another highly proficient ransomware from the huge family of such crypto-malware is CTB Locker. Like other ransomware of its kind, CTB Locker secretly encrypts your files, hijacks your computer and demands a ransom from the owner in Bitcoin.
CTB Locker is notorious for targeting specific file types with extensions such as .PDF, .XLS and .PPT. While this sounds harmless, imagine this ransomware hijacking a government institution or a bank where such file types could mean sensitive data or financial records.
How it Enters
This ransomware usually comes hidden inside .zip attachments in spam emails. Once the user unzips the contents, the virus sneaks into the %temp% folder and works from there. Like other crypto-viruses, it then launches a legitimate svchost process and injects malicious code into your system. Shutting the computer down is not an option, as the virus schedules itself to run at system startup so that its functioning is not impaired.
It then encrypts files based on their extension and creates a text file and an HTML file that contain the ransom note. The instructions usually come with a specific time limit for making the payment. If the victims fail to pay on time, CTB-Locker's command server will permanently delete the key, leaving all the data encrypted.
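Detection logic for the behaviour described above (a binary running from %temp%, a svchost process started by something other than the Windows service manager, and a startup task pointing back into %temp%), added here as an example and not taken from the original article. The event fields, the file name invoice_scan.exe and the use of schtasks as the startup mechanism are assumptions, and the sample events are constructed.

```python
import ntpath

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": r"svchost.exe -k netsvcs"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\invoice_scan.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"invoice_scan.exe"},
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Users\alice\AppData\Local\Temp\invoice_scan.exe",
     "cmdline": r"svchost.exe"},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Users\alice\AppData\Local\Temp\invoice_scan.exe",
     "cmdline": r'schtasks /create /sc onlogon /tn upd '
                r'/tr "C:\Users\alice\AppData\Local\Temp\invoice_scan.exe"'},
]

def in_temp(text):
    """True if the path or command line references a user or system Temp folder."""
    t = text.lower()
    return "\\appdata\\local\\temp\\" in t or "\\windows\\temp\\" in t

def name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def triage(event):
    """Return the list of suspicious traits found in one process-creation event."""
    findings = []
    image, parent, cmd = event["image"], event["parent"], event["cmdline"]
    if in_temp(image):
        findings.append("executable running from a Temp directory")
    # Genuine svchost.exe instances are started by services.exe.
    if name(image) == "svchost.exe" and name(parent) != "services.exe":
        findings.append("svchost.exe started by a parent other than services.exe")
    # Assumed persistence route: a scheduled task whose target lives in Temp.
    if name(image) == "schtasks.exe" and "/create" in cmd.lower() and in_temp(cmd):
        findings.append("scheduled task created for a binary in Temp")
    return findings

def scan(events):
    """Return (index, findings) for every event with at least one finding."""
    return [(i, f) for i, e in enumerate(events) if (f := triage(e))]

if __name__ == "__main__":
    for idx, findings in scan(EVENTS):
        print(idx, EVENTS[idx]["image"], "->", "; ".join(findings))
```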
Free Decryption Offer
To make its threat seem more legitimate, CTB-Locker might also offer the user free decryption for one or two files at the most. They provide keys for any two files that the victim chooses, to prove that they hold the data and can restore it if their demands are met.
How to Protect Yourself
Sadly, there aren't a lot of ways to protect your files from this monstrosity once it enters your computer. Nevertheless, there are some ways you can still avoid paying any ransom.
- Invest in Antivirus Protection – While this might not help once the virus encrypts your files, it is still a good way to prevent the malware from entering the computer. It would warn you beforehand of such threats so you can avoid accidentally opening suspicious folders and .zip files.
- Cloud Backup – If you save important data and files to a secure cloud server, you can restore them whenever you want. Ransomware protector is a great example of such a service where you can back up your sensitive data and protect it from such viruses.
- Secure Your Network – End-to-end encryption and network privacy is the best way to stop such links and spam from being displayed on your computer. Enabling Windows Firewall might seem like it's slowing things down, but it is actually the last line of defense against such threats.
- Remove Privileges – It might be annoying, but the more permissions your computer asks for before launching a specific task or program, the better it is for your security. Such ransomware often takes advantage of user rights to launch malicious code at will. Hence, the settings with the least admin rights are always the best.