CTB-Locker is ransomware designed to scan for and encrypt your files. Once the files are encrypted, they are inaccessible and cannot be opened until they are decrypted. The encrypted files are also renamed, with an extra extension added to the end of the file name. Example: heron drive 932003.JPG.itkvsqj
CTB-Locker uses very strong encryption, making decryption impossible without the key.
The creators of this ransomware have set up a payment page, which is illegal and only accessible via Tor clients, where they want the user to go and pay money. Files may be important, but it is not worth dealing with the scammers. My advice for the future would be to have a backup in place.
In this guide, I will walk you through a process that may help recover files if shadow copies are available. Before you do that, we need to ensure that the PC is clean of the virus so that it does not get reinfected.
To begin, reboot your computer into Safe Mode with Networking:
For Windows XP/7/Vista Users
1) Restart the computer and repeatedly tap F8 key until you see the advanced boot menu
2) Select Safe Mode with Networking
Once done, reboot the PC back into Normal Mode (simply restart it). Download and install Shadow Explorer.
1) Open Shadow Explorer and, from the drop-down list, select a point in time when the PC was not infected with CTB
2) Right-click the folder you want to recover and select Export. Save it to an external drive if possible, so that you eliminate the risk of losing it again.
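To help decide which folders to export and which point in time to select in Shadow Explorer, here is an added example (not part of the original guide) that inventories files carrying the appended extension and reports the earliest modification time among them. It assumes Python 3 is installed on the cleaned PC, that you pass in the extension seen on your own machine (the guide's itkvsqj is used for the constructed sample files), and that the ransomware did not preserve file timestamps, so the earliest modification time approximates when encryption began.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

def find_renamed(root, added_ext):
    """Return (path, original_name, mtime) for files carrying the appended extension."""
    suffix = "." + added_ext.lstrip(".").lower()
    found = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffix):
                continue
            original = name[: -len(suffix)]
            # Require an original extension (e.g. ".JPG") before the appended one.
            if not os.path.splitext(original)[1]:
                continue
            found.append((os.path.join(folder, name), original, os.path.getmtime(os.path.join(folder, name))))
    return found

def summarize(found):
    """Count affected files per folder and find the earliest modification time."""
    per_folder = Counter(os.path.dirname(path) for path, _orig, _mtime in found)
    earliest = min((mtime for _path, _orig, mtime in found), default=None)
    return per_folder, earliest

def build_sample_tree(root, start=1420070400):
    """Create constructed sample files; 'start' is an arbitrary epoch time."""
    samples = [
        ("Pictures", "heron drive 932003.JPG.itkvsqj", start + 60),
        ("Pictures", "beach.png.itkvsqj", start),
        ("Documents", "budget.xlsx.itkvsqj", start + 120),
        ("Documents", "readme.txt", start - 3600),   # untouched file
        ("Documents", "notes.itkvsqj", start + 30),  # no original extension, skipped
    ]
    for folder, name, mtime in samples:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        path = os.path.join(root, folder, name)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        per_folder, earliest = summarize(find_renamed(root, "itkvsqj"))
        for folder, count in sorted(per_folder.items()):
            print(f"{count:4d}  {folder}")
        print("Pick a snapshot older than",
              datetime.fromtimestamp(earliest, timezone.utc).isoformat())
```

On a real machine, call find_renamed with your user profile folder as root instead of the sample tree; the script only reads file names and timestamps and changes nothing.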