Recovering data after CTB locker infection


Hello, have you heard of the new outburst of CTB locker ransomware? Is it true that it does not destroy Shadow Volume Copies, so that Windows users, if infected, can easily restore encrypted data from backups (cited from , 'A ray of hope for those infected is that CTB Locker may reportedly fail to delete the Shadow Copies of their data. This opens up a rather effective vector of recovery that might do the trick without paying'.)? Is F-Secure good in combating crypto ransomware, at least in preventing data losses?

Thank you for your advice!


  • [Deleted User], Former F-Secure Employee

    Hi Sevarez,


    We have indeed heard about the variant of CTB-Locker that is possible to decrypt due to a flaw in their encryption. Unfortunately, this does not, at the moment, present a 100% recovery rate. We would still strongly advise users to restore their data from backup.

    As for protection against ransomware, our product is indeed capable of doing so. We have an extensive list of detections to cover different variants of ransomware infectors and droppers. At the same time, our proactive engine, DeepGuard, is capable of monitoring and blocking execution of the ransomware executable in case it lands on your machine. To further protect our users, we block known download URLs of ransomware through our Browsing Protection. With these functionalities in our product, we should be able to protect most of our users.

    However, we need to realize that despite the technology being there, users should always be aware of what they are clicking/downloading online. Even with the different protections in place, a wrong click allowing a download to start or the executable to run would leave the technology useless. Therefore, user awareness should always take place first.

This discussion has been closed.