- Can't be uninstalled via Control Panel
- Installs itself without permissions
- Changes background
CTB-Locker is a dangerous ransomware infection which decrypts files on the computer and displays a so-called ransom warning, according to which the user of the target computer has to pay a certain amount of money in order to decrypt the files. The ransomware infection CTB-Locker is downloaded to the computer by a Trojan horses, which gets on the computer when browsing adult-oriented websites or insecure video and file sharing websites.
The Trojan horse is installed as a randomly named file, and it creates a process called Adobe Flash Player 10.3 r183. As soon as the CTB-Locker is downloaded, various files, including .doc, .jpg, .mp4, .db, .cer, .pem, and many others are encrypted by the ransomware infection. The ransomware infection creates 3 files, which include AllFilesAreLocked 1716900.bmp, DecryptAllFiles 1716900.txt, and sunlrad.html. Bear in mind that the numbers in the file names vary on different computers. These files contain the instructions which are supposed to be followed by the user of the victimized computer.
According to the warning, the user of the victimized computer has to buy bitcoins, worth approximately 24 USD, and make an online money transaction. In order to pay the attackers the ransom, the user is required to download the Tor Internet browser.
During the execution of CTB-Locker, the file exeplorer.exe, which is responsible for the interface of your operating system, is killed, resulting in the changes of the desktop background. Instead of your wallpaper and Task bar, all that you will see is a black screen with a warning saying that you have 72 hours to pay up. In order to restore the desktop icons and Task bar, you have to reboot the computer, but bear in mind that your files remain encrypted.
After rebooting the computer, you should download and implement a powerful security tool in order to get rid of the Trojan responsible for the installation of CTB-Locker. Our team recommends using SpyHunter because this real-time security program can remove the infection and safeguard the system against multiple Internet-based computer threats, including other ransomware infections, Trojan horses, browser hijackers, and adware.
As regards the decryption of your files, it is important to note that you should back up your data from time to time because it impossible to decrypt your files without paying the money demanded. We advise you against paying the so-called ransom fee because there is no guarantee that your data will be restored. Moreover, you should always keep the computer protected against malware so that infections such as CTB-Locker do not attack your computer.