You’ve probably heard of CryptoLocker, the highly-successful ransomware which encrypts your PC’s files and demands a ransom of $300 in order to access those files.
Like anything successful in this world, CryptoLocker spawned a wave of copycats – including a piece of ransomware called CryptoDefense.
CryptoDefense uses the same basic strategy as CryptoLocker and encrypts users’ files before demanding a ransom. The ransomware has made its developers an estimated $30,000+ per month from users in the United States, Canada, and the United Kingdom.
Fortunately for you, CryptoDefense isn’t nearly as difficult-to-remove as CryptoLocker. Unlike CryptoLocker, CryptoDefense features a hidden security hole that lets you decrypt your files without ever paying the ransom price.
That’s right: a recently-discovered security hole has shown that CryptoDefense leaves the decryption key on infected users’ PCs after it’s removed. You can use this decryption key to decrypt your files and restore access to all your files.
After being infected with CryptoDefense, you’ll see the following warning message:
That scary message isn’t as scary as the CrypoDefense price: the malware charges $500 US or 500 Euros in order to unlock your files. If you don’t pay that fine by a specific date, then the fine will double and your files will remain locked.
Want to outsmart these criminals? Here’s how to do it:
Go to Application Data > Application Data > Microsoft > Crypto >RSA folder
Open the encryption key file and use that key to unlock your files. Once you’ve done that, uninstall the ransomware using antivirus software or malware removal tools.
Unfortunately, CryptoLocker doesn’t feature the same security hole, and your files will remain encrypted after removing CryptoLocker, which is why it’s been called the most effective ransomware in history.
The developers of CryptoDefense will likely fix this glitch as soon as possible, so it won’t work for long. However, it’s a small glimmer of hope in the otherwise bleak world of ransomware infections. If you’ve been infected with CryptoDefense, then your files are not completely lost.