Crypto Locker EU Ransomware

Crypto Locker EU Ransomware Overview
Crypto Locker EU is a ransomware strain that originates from the original CryptoLocker malware family. From the initial security tests we can conclude that the virus has been crafted by an inexperienced developer. It follows a predefined pattern of placing affected files in the Crypto Locker EU and the AppData folders. These files may be of different types, including .dat, .html, .exe, .lnk, .bmp and .txt.

The virus engine may also create several registry entries in the following key locations:
 * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
 * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
 * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
 * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\

Encrypted files are renamed with the ".send 0.3 BTC crypt" extension.
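
A read-only triage sketch for the indicators described above, added here as an example and not taken from the original analysis: it lists values in the four Run/RunOnce keys whose command points into AppData or a "Crypto Locker EU" folder, and files whose names end with the rename suffix. The function names, the choice of the user profile as scan root and the AppData heuristic are assumptions; legitimate software also autostarts from AppData, so every hit needs manual review.

```powershell
# Added triage example (not from the original page). Lists findings only; changes nothing.
$RenameSuffix = '.send 0.3 BTC crypt'   # suffix given on this page
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: returns autorun values whose command line references
# AppData or a "Crypto Locker EU" folder (the two locations named on this page).
function Get-SuspiciousAutorun {
    foreach ($path in $RunKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }          # key absent or not readable
        foreach ($name in $key.GetValueNames()) {
            # GetValue expands REG_EXPAND_SZ, so %APPDATA% becomes a full path
            $command = [string]$key.GetValue($name)
            if ($command -match '\\AppData\\|Crypto Locker EU') {
                [pscustomobject]@{ Key = $path; Name = $name; Command = $command }
            }
        }
    }
}

# Hypothetical helper: finds files already renamed with the suffix.
# Assumption: the user profile is a sensible default root; pass -Root to widen it.
function Get-RenamedFile {
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name.EndsWith($RenameSuffix, [System.StringComparison]::OrdinalIgnoreCase) } |
        Select-Object FullName, Length, LastWriteTime
}

$autoruns = @(Get-SuspiciousAutorun)
$renamed  = @(Get-RenamedFile)

"Autorun entries to review: $($autoruns.Count)"
$autoruns | Format-List
"Files carrying the rename suffix: $($renamed.Count)"
$renamed | Format-Table -AutoSize
```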

Crypto Locker EU Ransomware Affected Extensions
".7z .rar .m4a .wma .avi .wmv .csv .d3dbsp .sc2save .sie .sum .ibank .t13 .t12 .qdf .gdb .tax .pkpass .bc6 .bc7 .bkp .qic .bkf .sidn .sidd .mddata .itl .itdb .icxs .hvpl .hplg .hkdb .mdbackup .syncdb .gho .cas .svg .map .wmo .itm .sb .fos .mcgame .vdf .ztmp .sis .sid .ncf .menu .layout .dmp .blob .esm .001 .vtf .dazip .fpk .mlx .kf .iwd .vpk .tor .psk .rim .w3x .fsh .ntl .arch00 .lvl .snx .cfr .ff .vpp_pc .lrf .m2 .mcmeta .vfs0 .mpqge .kdb .db0 .DayZProfile .rofl .hkx .bar .upk .das .iwi .litemod .asset .forge .ltx .bsa .apk .re4 .sav .lbf .slm .bik .epk .rgss3a .pak .big .unity3d .wotreplay .xxx .desc .py .m3u .flv .js .css .rb .png .jpeg .txt .p7c .p7b .p12 .pfx .pem .crt .cer .der .x3f .srw .pef .ptx .r3d .rw2 .rwl .raw .raf .orf .nrw .mrwref .mef .erf .kdc .dcr .cr2 .crw .bay .sr2 .srf .arw .3fr .dng .jpe .jpg .cdr .indd .ai .eps .pdf .pdd .psd .dbfv .mdf .wb2 .rtf .wpd .dxg .xf .dwg .pst .accdb .mdb .pptm .pptx .ppt .xlk .xlsb .xlsm .xlsx .xls .wps .docm .docx .doc .odb .odc .odm .odp .ods .odt"

Crypto Locker EU Ransomware Note
CryptoLockerEU 2016 rusia Your important liles encryption produced on this computer:photos,videos,document,etc. Encryption was produced using a RSA-2045bit !! To Obtime the private key for this computer, which will automatically decrypt files, you have to send 0.3 BTC to bitcoin adres 14bPTE6DVpx8Vrzk1wt3M8XsJ5YU3ebzKo You will receive your private key + software within 2 hours. You have just 7 days before the private key (password) is deleted https://www.coinbase.com/buy-bitcoin https://cex.io/buy-bitcoins – transfer 0.3 BTC 14bPTE6DVpx8Vrzk1wt3M8XsJ5YU3ebzKo VIRUS ID: {CUSTOM ID} – on add email – we send password + software decrypt (now) – Messengers verification emal – Payments email (bitcoin) Send : virus id+Bitcoin payment (verification) decryptme.files@mail.ru europol.eurofuck@yandex.com super.decryptme2016@yandex.com efwerez2015@yandex.com

Crypto Locker EU Ransomware Distribution
The actual ransomware binary may have a randomly generated name. The CryptoLockerEU ransomware strain is distributed mainly via spam email messages.

Crypto Locker EU Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.