Cryptolocker is particularly nasty ransomware that uses a 2048-bit RSA key pair, uploaded to a command-and-control server, which it uses it to encrypt or lock files with certain extensions, and delete the originals. Once files are locked, Cryptolocker then threatens to delete the private key needed to unlock the files if payment is not received within three days.
Cryptolocker demands that payments be paid in the form of Bitcoins, CashU, Ukash, Paysafecard, MoneyPak or pre-paid cash vouchers. If payment is not received in three days victims are usually given a second opportunity to pay a much higher ransom to get their files back.
The cost to retrieve files from Cryptolocker vary over time and with the particular version being used. Initially victims are charged $100, €100, £100, two Bitcoins or other figures for various currencies. The payments have increased over time to 2 Bitcoins or about $460, if the original ransom isn’t paid before the deadline, Cryptolocker gives its victims a second opportunity to pay 10 Bitcoins ($2300) to use a service that connected to the command and control servers. After payments are received, the first 1024 bytes of an encrypted file are uploaded to the server and the server would then search for the associated private key.
CryptoLocker infected over 250,000 machines within the first four months it was released in September 2013. Four Bitcoin accounts associated with CryptoLocker were discovered and it was discovered that 41,928 Bitcoins had been moved through those four accounts between October 15 and December 18, 2013. Given the then current price of $661 per Bitcoin, that would represent more than $27 million in payments received, not counting all the other payment methods.
The enormous success cybercriminals had with CryptoLocker ransomware encouraged many cyberthieves to create copycat software like, Locker.
In December 2013, just four months after CryptoLocker was unleashed CryptoLocker 2.0 was released. CryptoLocker 2.0 only accepts payments via Bitcoin and locks users out of even more file types including images, music and video files, which the original CryptoLocker skipped.