The CryptoLocker malware is discovered by Dell SecureWorks. When infecting a host, the malware encrypts the files on the hard drive, then it prompts the user to pay a ransom to the developer in order to receive the decryption key.
CryptoLocker targeted computers running Microsoft Windows. The malware infects email attachments in the form of a .zip file that contains an executable file with the filename and the icon disguised as a .pdf file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .exe extension.
When activated, CryptoLocker will install itself in the user profile folder and adds a key to the registry to make the malware run on startup. Then, the malware generates a 2048-bit RSA key pair to encrypt certain types of files stored on local and mounted network drives. After the encryption is completed, the malware then displays a message which offers to decrypt the data if a payment is made by a stated deadline.
If the deadline passes, the malware then offered to decrypt the data via an online service provided by the malware's developers, for a higher price.
A screenshot of the malware's message can be seen below:

CryptoLocker propagated via infected email attachments. Although the malware itself can be easily removed, the affected files remained encrypted in a way that is difficult to decrypt.
Many affected users said that the ransom should not be paid. Others that were paying said that this was the only way to recover their files. Some others however, claimed that paying the random didn't always lead to the files being decrypted.
In June 2014, The United States Department of Justice officially announced that Operation Tovar, a consortium group of law enforcement agencies (including the FBI and Interpol), security software vendors, and several universities, has isolated the malware in an operation called Operation Tovar. The operation took down the Gameover ZeuS botnet that had been used to distribute the malware. During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was then used to build an online tool for recovering encrypted files without ransom.
The Department of Justice then publicly accused Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet.
CryptoLocker was regarded as the first true ransomware, and believed to successfully extorted a total of around $3 million from victims.














































































































































































































































































































































































