CTB-Locker. Like Cryptolocker But Worse.

Cryptolocker was insanely successful.  It extorted millions of dollars from home and business users.  Like all successful software, upgrades were bound to happen.

Meet CTB-Locker (a.k.a. Critroni).

CTB-Locker stands for Curve Tor Bitcoin Locker.  Here are some of the new features at a glance:

  • Hides from authorities by communicating with its command and control servers over the Tor anonymity network.
  • Uses elliptic curve cryptography for encrypting your files.  This encryption is a lot faster than Cryptolocker's, so once it gets on your PC or mapped drives it has a better chance of encrypting more files, faster (doing more damage).
  • Accepts payment to unlock your files via bitcoin.
  • Blocking Tor traffic only prevents users from paying; CTB still encrypts the files.

Preventing and mitigating CTB-Locker.

  1. Install a good antivirus (like Kaspersky/Bitdefender).  Keep it patched and updated.
  2. Install Malwarebytes Premium as a second line of defense.  It’s only $25/year.
  3. Always install your Windows updates.
  4. Back up your files daily to an external hard drive.
  5. Back up your files via something like Carbonite (if your PC does get hit by something like CTB, call Carbonite immediately so they can freeze your backup).


8 Responses to CTB-Locker. Like Cryptolocker But Worse.

  1. Michael Hazell (Techman) July 23, 2014 at 8:11 pm #

    Sometimes I wish that basic PC users just used something like Ubuntu, because it can cover their needs.

    • James July 25, 2014 at 8:55 pm #

      I agree! But how many average users are aware of Linux? And the somewhat steep learning curve deters Windows users.

  2. Porschepaj (@porschepaj) July 30, 2014 at 5:51 pm #

    Great news! 😀
    Say, Matt, how many times have you dealt with Cryptolocker and other related ransomware while on the job?

  3. john August 6, 2014 at 2:45 pm #

    Matt, can you share this? CryptoLocker Decryption Tool released


    • scott2111Scott August 17, 2015 at 9:14 pm #

      I am a professional photographer. A few weeks ago my computer was attacked by CTB-LOCKER, the one with the black screen and code KEY. Proven Data Recovery has been able to identify the VARIANT of the virus I have. It is – RSA-2048 CTB-Locker encryption virus.

      They want 2,600 for the decryption of 300 image files that this virus has encrypted on a SD CARD. The computer still reads close to 900mb of data on the card and I have been told by multiple sources that there is a chance my images are still there, but I have had no luck and it’s going to take me quite some time to come up with this money, so in the meantime I am exploring other options and learning more about computers and code than I would otherwise have ever cared to.

      It angers me to no end that people can actually even do this. That they can hurt total strangers in this way. Hurt their jobs. Affect their lives just for the sake of doing so and then dangle our data in front of us so we freak out and jump. I refuse to pay this RANSOM and it is frustrating to no end that the supposed GOOD GUYS want WAY THE HELL MORE!! It’s very backwards to me and does not seem right. It is almost impossible to get a simple straight answer from people in this area and there is a lot of double talk and I have had a couple people remote access my computer and I see them try things even I have tried.

      The files that are blocked were never on my hard drive. I didn’t even have time to make a hard copy. One moment they were fine and the next they were encrypted. I have done 2 system restores and a factory restore and the computer has updated protection but the files remain locked on my card.

      Is there any effective decryption for CTB-LOCKER – RSA-2048 CTB-Locker encryption virus?

      What are the odds? Is it even worth saving all this money for these people? He did ID the variant. Even that came as a shock. It’s all I have to go on. Maybe, if you think you have a solution for me, of course I would be willing to work out a pay arrangement but I would need to see at least SOME proof. Maybe do one or two that I can see. There are 300 on the card and I am really quite desperate for this material, or to be told convincingly and enough times that all hope is lost. I am not at that point yet.

      Thanks for your time



  4. Fred Weigel August 30, 2014 at 1:06 am #

    Have you heard about another trojan that was reported in early August called “Poweliks”?
    It is a nasty one that uses the registry and hides a registry key and is almost impossible to remove! Malwarebytes says it finds it and removes it but when the computer is rebooted, it is right back again!

  5. ballader1 August 31, 2014 at 1:34 pm #

    Kaspersky Internet Security now protects against CryptoLocker-like viruses not by simply detecting them but by making regular backups of your files so they can be restored automatically when the threat is detected. All that thanks to the updated System Watcher module. You can read more about it on Kaspersky’s website… as you can see Matt has a reason for recommending Kaspersky. The tool from thewindowsclub that john provided doesn’t work in many cases and the website itself explains that.

  6. Anne Richart January 17, 2015 at 8:06 pm #

    I have a solution for the bastards that operate CTB-Locker. Don’t use your computer and don’t let anyone else. Give your fingers and the Internet a break and spend some real time enjoying some peace of mind. Take a 20 minute brisk walk instead of hours on your computer trying to get rid of all the crap that’s embedded into your files. Good luck. Enjoy some fresh air.

