CryptoLocker, detected by Sophos as Troj/Ransom-ACP, is a malicious program known as ransomware. Some ransomware just freezes your computer and asks you to pay a fee. (These threats can usually be unlocked without paying up, using a decent anti-virus program as a recovery tool.)
CryptoLocker is different: your computer and software keep on working, but your personal files, such as documents, spreadsheets and images, are encrypted. CryptoLocker reveals itself only after it has scrambled your files, which it does only if it is online and has already identified you and your computer to the encryption server run by the criminals.
The criminals retain the only copy of the decryption key on their server – it is not saved on your computer, so you cannot unlock your files without their assistance. They then give you a short time (e.g. 72 hours, or three days) to pay them for the key.
The decryption key is unique to your computer, so you can’t just take someone else’s key to unscramble your files. The fee is $300 or EUR300, paid by MoneyPak; or BTC2 (two Bitcoins, currently about $280).
Watch the video below to see CryptoLocker in action. To understand how CryptoLocker goes about its dirty work, please see this step-by-step description.