Get rid of CTB Locker and apply recovery routines instead of paying the ransom

CTB Locker is among the longest-lasting computer threats.

The infection modifies the data on the computer using an advanced encryption algorithm. The user of the compromised PC is prompted to pay a ransom. Otherwise, the invader claims, it is going to destroy the decryption key.

The cyber attack has been ongoing since 2014. It is still active today.
IT experts have reported several times that the infection was no longer propagating. Sooner or later, another outbreak refuted those claims. Such longevity rests upon constant and timely updating, which enables CTB Locker to exploit emerging vulnerabilities in operating systems and software.

The ransomware developers do not distribute copies of the application directly. They invite agents via black market forums. It is relatively easy to get into the underground community and obtain a copy of the ransomware.
Since a number of distributors act independently, the virus arrives through a variety of infection vectors. One of the most common distribution schemes is based on spam. The spamming is not that simple, though.

The infecting message often arrives from one of the victim’s contacts. That is, the hackers compromise email accounts first. The spam is then distributed among the approved contacts of the cracked account. Needless to say, people tend to trust their approved contacts, so they open the spam message without hesitation.

Another popular trick is to send an email that pretends to be a DHL delivery reference or payment notification.

Once infiltration completes, CTB Locker installs its components and creates relevant registry entries. The program scans the memory, applying a very wide filter. It targets files with specific extensions, but the list includes virtually any possible extension. Hence, we can conclude that the rogue program targets any data on the affected PC.

The demanded ransom usually amounts to 0.2 bitcoins, which is around USD 100. Paying the ransom is not the best solution for a victim. Moreover, the ransomware, fortunately, fails to destroy Windows backups.

Victims of the ransomware are advised to apply recovery routines and remove CTB Locker ransomware. Relevant CTB Locker removal and recovery tips follow: http://nabzsoftware.com/types-of-threats/ctb-locker

 