When first run, the payload installs itself in the user profile folder and adds a key to the registry that causes it to run on startup. The payload then encrypts files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key.