The first encryption ransomware appeared in


Since January 2009, the number of ransomware versions has increased by about


Currently, Trojan.Encoder programs (Cryptolockers) are one of the most dangerous threats for users. This Trojan family includes several thousand modifications.

Since mid-April 2013, Doctor Web's virus laboratory has received more than 40 000 decryption requests to restore files affected by Trojan encoders, and now receives over 4 000 requests a month.

In November, 2015 the number of requests submitted to Doctor Web’s technical support service for decryption from the Trojan.Encoder malware family reached 60% of the total number of requests made. And the vast majority of requests are from users of other anti-viruses.

Trojan.Encoder programs (Cryptolockers) use dozens of different encryption algorithms of users’ files.

For example, it will take

107902838054224993544152335601 years

to simple search a key to restore files compromised by Trojan.Encoder.741.

According to Doctor Web’s statistics, the probability of restoring corrupted files is roughly 1%.

That means that most of user data has been lost for good!

Today criminals demand up to 20 bit coins for decryption.

1bit coin is equal to 6459,54 euros or 7167 dollars.

A demanded ransom can reach 143 340 dollars.

Even if you pay your attacker a ransom, there is no guarantee that you’ll get your data back.

Things can even get rather peculiar. In one situation, a user paid a ransom to their attackers, but their attackers could not decipher the files encrypted by their own Trojan.Encoder (Cryptolocker), and advised the user to seek help… from Doctor Web's technical support service!

Decryption is available free of charge for users of commercial Dr.Web licenses.

In over 90%
of the incidents users launch encryption Trojans on their own computers themselves.

Dr.Web Security Space (version 9+) comes with a simple solution to the problem of data security—the “Data Loss Prevention” feature.

And, even if a Trojan gets to your files, you will be able to restore them on your own without having to request support from Doctor Web.

Unlike common backup programs, Dr.Web creates and protects backup storage from intruders.

If you are out of luck and your files have been encrypted by the Trojan, and Dr.Web was installed on your PC when it got infected, contact Doctor Web’s technical support service to decrypt them:

  • Do not use the infected computer until you receive instructions from Doctor Web's technicians, even if you need it for your business.
  • Do not attempt to reinstall the operating system!
  • Do not attempt to remove any files or programs from the disk!
  • If you have started a virus scan, do not take any irreversible actions including curing/removing the malware. Consult Doctor Web's specialists before you do anything with the found viruses/Trojans, or at least keep back-up copies of all the discovered malware; they may be necessary to determine the key to decrypting the data.

Visit Legal sеction to learn how to submit a request to Doctor Web’s support service

We strongly recommend that you file a report with the police in case of infection.

Thank you for taking the time to familiarise yourself with these materials.