What is CTB Locker?
CTB-Locker or Critroni is a ransomware infection that is installed by a Trojan horse that resides inside your PC. The infection encrypts the user’s files and demands payment for the decryption. It creates three files (AllFilesAreLocked 1716900.bmp, DecryptAllFiles 1716900.txt, and sunlrad.html) to explain what happened to your computer and to present the demands of your attackers. These instructions are written in English and Russian. The criminals demand to pay 24 USD in bitcoins in order to regain access to your data. We do not recommend to pay the people that are responsible for the infection, because there is no guarantee that the files will be decrypted. Instead, you should focus on CTB-Locker removal.
What does CTB Locker do?
As we explained before, CTB-Locker gets inside the user’s computer with a help of a Trojan which infiltrates the system via pornography websites. The Trojan may stay unnoticed inside the PC for a long time, since its process is named Adobe Flash Player 10.3 r183 and most users think that it is another program that helps to watch videos. The file of the Trojan is also hard to notice, because it consists of randomly picked numbers. To detect such intruder you need to use a legitimate antimalware which we recommend to employ to delete CTB-Locker.
Once CTB Locker enters your PC, it starts encrypting the files. The infection will effect the files with .mp4, .pem, .jpg, .doc, .cer, .db, and other extensions. To decrypt the files you need a key which is kept in some server belonging to the hackers that attacked you. It is almost impossible to recover the files another way. Even if you pay the money, it is not likely that attackers would give you the key, so unless you have a backup, these files are lost. However, the malware is still inside you computer and you must eliminate CTB-Locker.
Moreover, the malware also removes the explorer.exe terminating the interaction between the interface of the operating system and the user. Consequently, the screen of the computer temporarily becomes black. If you wants to undo these changes, you have to reboot the PC. After you reboot your system we recommend to immediately connect to the Internet and to install a legitimate antimalware. The security tool will get rid of CTB Locker and will protect your computer in the future. A constant presence of a reputable antimalware is absolutely necessary.
How to remove CTB Locker?
CTB-Locker is a malicious infection and its removal must be your priority. We advise you not to try to remove CTB-Locker by yourself, because even the smallest mistake can have serious consequences. The CTB-Locker removal process is way too complicated to perform for inexperienced user. The safest option is to use a powerful antimalware and to let it delete CTB-Locker. The same security software should also stay inside your PC for malware prevention.