CTB Locker Ransomware: What it is, how it spreads, and how to recover safely

CTB Locker

What it is

CTB Locker is crypto-ransomware first seen in 2014. Once it lands, it encrypts your files and drops a note demanding payment to unlock them. It often hits Windows PCs through convincing lures and fake updates.

How it spreads

  • Phishing emails with booby-trapped attachments or links

  • Deceptive downloads (e.g., fake “Flash/codec” updates)

  • Bundled installers from sketchy sites

What you may notice

  • Files won’t open and may get new extensions

  • Ransom notes appear on the desktop and in many folders

  • CPU/disk spikes; security tools crash or get disabled

If it hits - act fast:

  1. Isolate the machine (turn off Wi-Fi/unplug network; disconnect external drives).

  2. Keep ransom notes/logs—they help recovery and investigation.

  3. Check offline backups; rebuild the system clean and restore data.

  4. From a clean device, change passwords and enable MFA.

  5. Block related domains/IPs and review how it got in.

Prevent it

  • Patch Windows and apps; remove/lock down unused remote access.

  • Use reputable EDR/anti-malware and email/web filtering.

  • Keep offline, tested backups and practice restores.

  • Train users to spot phishing and fake update prompts.

  • Least-privilege accounts; MFA everywhere.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Clop Ransomware

        What it is Clop is big-game ransomware: attackers break into a network, encrypt files, and demand payment to unlock them—often with data theft first to pressure victims (double extortion). It mostly targets Windows environments and larger ...

      • CryptoLocker Ransomware

        What it is CryptoLocker is ransomware that breaks into a Windows PC, hunts for documents (on the computer and connected drives), encrypts them with strong keys, and then demands a payment to unlock your files. You’ll see a ransom note saying your ...

      • BabLock Ransomware

        What it is (in plain words): BabLock is ransomware that breaks into Windows and Linux systems, scrambles (encrypts) your files, and demands payment to unlock them. It typically goes after small and mid-size businesses where one infected PC can ...

      • Cerber Ransomware

        What it is Cerber is ransomware run like a business (“RaaS”). The operators rent the malware to affiliates, who break in, encrypt files, and demand payment—then share the profits with Cerber’s creators. How it spreads Phishing emails with ...

      • Djvu (STOP) Ransomware

        What it is Djvu - also called STOP - is ransomware that breaks into Windows PCs, encrypts your files, and adds new extensions (often .djvu, .stop, or a variant). A note then demands payment in crypto to unlock them. For details and removal tips, see ...