CTB Locker Virus – Infected with CTB locker Virus?

Call us at 1800-102-3232 or Contact us here. We're happy to help you.

CTB locker (Curve-Tor-Bitcoin Locker) or Critroni, is an example of file – encrypting ransom ware infections. This Virus encrypts your data files, locks them, and then make them inaccessible to you. Once it infects your files, it asks you to pay ransom to recover your data. That's like a professional blackmailer, who hostage your data and ask you to fulfill his demands to release your data. It has been designed specifically for all version of Windows operating system, and was introduced in July'14.

Let us look at some of the functions of a CTB Virus

Most common ways of reaching this Virus in your system are through Spam emails (which are sent in different languages). Often these emails pretend to be some important notices, a lottery notifications, etc. So next time you receive any email saying, important – Notice or you have won $XXXXX etc., beware you may have just received an email inviting CTB virus to encrypt your important data.

One example of such an email here:

CTB locker virus

In July'14, CTB virus was allowing 72 hours to make the payment for ransom amount. However, the new version now gives 96 hours for payment. The reason for extension in deadline may be because of some victims to pay the fee. Additionally, an alert message that continuously appears on your screen, to remind you about the payment, is to create panic, so that you make the payment; else all your infected files are going to be deleted permanently. Let's have a look at deadline extension, which CTB has made in the new version.

CTB virus example

CTB Bitcoins

Another update that CTB has done in the new version is; it allows you to recover five files for free. Once you see your five files decrypted, it gives you another message, that you can recover all your data; all you need to do is make Payment for ransom amount. CTB Virus has attacked people globally. It also has a language option, where you can select a language like Italian, German, and Dutch, apart from English, to read the alert messages.

CTB virus example

How will you come to know, that CTB Virus has attacked you?

Check following points, if CTB Locker has hijacked your computer, here are the symptoms:

  • All your files become inaccessible
  • You may start seeing a warning message of the encrypted file, ask to pay a ransom amount for decryption.

How CTB virus works

  • Once CTB virus arrives on your computer, it will scan all the data files available on your PC and search for specific files. When the virus has discovered all the required files, it starts encrypting them with the help of (elliptical curve cryptography (ECC) and make them inaccessible to you.
  • Then to save the encrypted files, it uses any random file extension. In earlier version it was using CTB or CTB2 extension to complete this process.
  • After successful encryption, CTB Locker will show a ransom screen that informs you about the encrypted data and prompts to follow the instructions available on the display and show the way how to pay the ransom amount to CTB.
  • Additionally, it will also change your wallpaper, which includes all the further instructions of the payment process. Finally, in the end, it will create a .txt and .html files as well, which also have instructions for the process to access malware's site to pay the ransom.

Note: CTB virus is designed for all the versions of Windows such as Windows XP, Vista, 7 and 8. You can confirm the attack or infection of CTB virus by opening the %MyDocuments%.html file. Unfortunately, there is no way to decrypt those encrypted files without paying a ransom.

Tips to avoid CTB virus

  • The first thing to protect your file from CTB attack is properly identified the spam emails from authentic ones. The best way to do this is to check the sender's email address, subject line, and the content before opening the mail.
  • Pay more attention, while dealing with unfamiliar files, emails, URLs, and email attachments. Moreover, there is no guaranty of decryption even after payment.
  • The best way to avoid this attack is to take regular backup of your files at a separate location.

Process to remove the CTB Locker virus.

Unfortunately, if your computer has been infected by CTB Locker Virus, then there is no way to decrypt the encrypted files. Even a powerful antivirus scan can recover the affected files. We spend most of our time on the Internet and we really need to know what threats there are to your online safety and precautions that should be taken to protect yourselves. These viruses are strong and have far more serious implications than Computer crashing, identity theft, bank fraud, data corruption can have long lasting ramifications. The best way to recover from these virus encrypted files is to go for a professional Data Recovery Service. We are Stellar have been able to retrieve data successfully from files/ data affected by CTB Locker virus.

Stellar has 22 years of data recovery experience and is trusted by over 2 million customers. We offer accurate and cost effective Data Recovery from CTB Locker infected files and folders. We have the team of experts who use latest techniques and CLASS 100 Clean Room that offer 100% guaranteed recovery.


This is a sign that, your computer has been infected by CTB locker virus. CTB virus encrypts files in your system, and when you try to open your file, sometimes, files will open with a randomly generated set of characters, e.g. filename.pdf will be filename.pdf.ghtbcv. In some cases, the file may open but the data will not be displayed properly.

Yes, your data is recoverable.

CTB virus is ransomware, once it encrypts your files, it asks for ransom/money to decrypt your files. CTB is a strong virus and even the most resilient Anti-Virus software cannot prevent your data from a CTB virus attack.

You need an effective data recovery service from specialists who can help you in recovering your data/files back.

Objective of CTB ransomware is to make money from you. Ransomware means a kind of software/infection that block or encrypt files on the user's system and asks for payment to be made in order to regain the files. Once your system is affected by CTB, it will be placed on your system screen; every time you restart your system, it will appear on your screen, and a message will pop up to buy decryption key to decrypt the files. The infection prevents you to use your system and certain measures are required for its immediate removal.

There are chances that you will get your data recovered by paying the amount, but by doing this you might be funding criminal activities. This should be considered last option, as there is no guarantee that you will recover all your encrypted data.

You should always prefer professional data recovery service provider; like Stellar. As we work on No recovery - No charge policy; if we are not able to recover your data, we won't charge you.

CTB stands for "Curve-Tor- Bitcoin", the definition encompasses meaning of the core technology required to make this Virus/Ransomware.

"Curve" is Elliptic Curve Encryption, which happens to be strongest encryption based on a large number of theories this makes it impossible to decrypt.

"Tor" Stands for Onion Router Network, an undetected form of communication network.

"Bitcoin" means the currency extorted from the victims, this is impossible to trace.

CTB is well known and used by fraudulent to take money from unsuspecting users. It is sent via email that has malicious attachment or web link. When the users download it, the ransomware is installed and unlike the viruses it does not spread immediately. It takes time and encrypts the important files. Once it completes the encryption the files are inaccessible to the user.

Preventive Measures

  • Do not follow malicious links in email messages or submit any information to webpages in any links.
  • Keep your operation system and software up- to date with latest patches.
  • Take a regular back up of your system and data files
  • Block attachment types at the Email Gateway level (.SCR,. CAB, EXE)

The charges depends on the extent of damage done on the media, only the data recovery specialist can analyze and provide and detail estimation of the charges. Contact us for free consultation.

No, it does not have any damaging consequence on the emails, although email is the main source of CTB virus. It mainly encrypts the files available on the system.

The virus mostly affect the files in your system, CTB virus does not corrupt or damage software

Whatsapp Icon WhatsApp 958 256 3636

Helpful Links

Data Recovery Nearest Branch

Please select your Zone for Stellar Lab Locations


Stellar Data Recovery Process

During the initial consultation, Our data recovery experts will take down your case details

Step 1
Free phone consultation

Free phone consultation

Step 2
Media Analysis

Media Analysis

Step 3
Data recovery Process

Data Recovery & Verification

Step 4
Data Delivery

Data Delivery

At Stellar We Help You Recover Your Business Call your nearest Lab