New Virus Infection!

CTB Locker virus

The CTB Locker virus (Curve-Tor-Bitcoin Locker virus) is dangerous malware and a cryptovirus found in the ransomware category of computer infections similar to the FBI virus. Most versions of the CTB Locker virus use tactics to lock a computer system or internet browser and will claim to have encrypted a computer’s files, in order to scare victims into paying a fine or ransom using Bitcoin or other online services.


The CTB Locker virus may in fact encrypt a computer’s files and may use a screen or window to display a message that includes unethical instructions to acquire a key (RSA KEY) in order to decrypt files. In some cases there is no way to recover encrypted files locked by this ransomware, aside from performing a backup that was created before the infection.


A common message displayed by several versions of CTB Locker ransowmare is detailed below:

All files including videos, photos and documents on your computer are encrypted by Crypto Software.

Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a month. After that, nobody and never will be able to restore files.

In order to decrypt the files, open your personal page on the site and follow the instructions.

If is not opening, please follow the steps below:

1. You must download and install this browser

2. After installation, run the browser and enter the address: rj2bocejarqnpuhm.onion/XXX

3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.

As you can see, the messages displayed by CTB Locker malware are meant to scare victims into purchasing CTB Lockers in order to pay the fraudulent fine.

How does CTB Locker ransomware get onto a computer?

The CTB Locker cryptovirus infection can be contracted via suspicious downloads including freeware, shareware, codecs, torrents, and more, and is also promoted in malicious advertisements and search results.

The CTB Locker virus may be present in exploit kits and may gain access via trojan horses hiding on malicious websites.

Unfortunately, we cannot decrypt infected files, all we can do is remove the virus and remove encrypted files. Best thing we recommend to do is utilize a cloud storage such as DropBox and Google Drive. Both offer tons of storage around 1 TB for $10/month. By using one of these storage providers you have access to your files anywhere you have internet, so that means no flash drives or portable hard drives are needed. You even have access to these via your smartphone as they offer mobile apps. You never have to worry about losing files because of a defective hard drive or in this case virus infections.