Tricks: Remove CryptoLocker Portuguese Ransomware and Restore Encrypted Files

CryptoLocker Portuguese Ransomware – Basic Information

New variant of CryptoLocker is in the wild, dubbed as CryptoLocker Portuguese Ransomware that enciphers important files and offers a deal to the victims – pay off ransom and get decryption key. The ransomware is aimed at Windows users in Portuguese-speaking countries like Brazil, Angola, Portugal, and Mozambique. Apparently, CryptoLocker Portuguese Ransomware is a cryptomalware, powered by a personalized build of the open-source AES and RSA encryption algorithms. Since, the ransomware is developed under guidance of professional malware developers, it is capable enough of avoiding security scan in order to stay inside Windows for a very long time.

CryptoLocker Portuguese Ransomware

Furthermore, you should note that CryptoLocker Portuguese Ransomware scans local disk and mounted network drives and makes a list of targeted data containers on the affected computer. Basically, this ransomware virus targets important files associated with Microsoft office, Adobe Photoshop, Photofiltre Studio, AutoCAD, SQLite, Oracle, Java, Adobe DreamWeaver, Microsoft Visual Studio etc. These software create most useful files for various projects. When CryptoLocker Portuguese Ransomware enciphers files, infected files appear in a different format – [File_Name]id-[RANDOM NUMBER][email protected]_. For instance, ‘SAMPLE.png’ will be transcoded as ‘[email protected]’ on your local disk or removable drives. Often, CryptoLocker Portuguese Ransomware displays a ransom message in Portuguese language automatically but you can see the ransom note manually by finding a file named COMO_ABRIR_ARQUIVOS.txt on desktop or inside folders having enciphered files.

Threat actors goals behind releasing CryptoLocker Portuguese Ransomware

The purpose of threat actors behind distributing CryptoLocker Portuguese Ransomware is to boost Bitcoin Wallet balance and gain financial strength for their organization. According to ransom message, CryptoLocker Portuguese Ransomware invites victims to take advantage of offered deal – pay off ransom and get decryption key. They suggest victims to email on [email protected] or [email protected] in case they want to get back their files. Threat actors demand thousands of dollars via Bitcoin wallet on the TOR network. However, there is no evidence that after getting paid, they have delivered decryptor to the victim. Hence, security experts at RMV recommend against making ransom payment to anonymous attackers.

Moreover, experts suggest victims to restore their files using Backup copy or System Restore Point. If you find these options not useful then you can use Data Recovery software to get back original files. But, it is strictly advised not to make contact with ransomware employer.

Therefore, you should remove CryptoLocker Portuguese Ransomware from your computer before proceeding file restoring methods. To avoid this infection in future, you should never double click spam emails attachments, also your should never install updates from unexpectedly redirected domains. Most importantly, you should always keep your Antimalware software up-to-date and activated to get real time protection against CryptoLocker Portuguese Ransomware and other latest threats.

CryptoLocker Portuguese Ransomware Removal Info (Video Guide) – YouTube

Free Scan your Windows PC to detect CryptoLocker Portuguese Ransomware


Free Scan your Windows PC to detect CryptoLocker Portuguese Ransomware

A: How To Remove CryptoLocker Portuguese Ransomware From Your PC

Step: 1 How to Reboot Windows in Safe Mode with Networking.

  • Click on Restart button to restart your computer
  • Press and hold down the F8 key during the restart process.

Step 1 Safe Mode

  • From the boot menu, select Safe Mode with Networking using the arrow keys.

Safe mode

Step: 2 How to Kill CryptoLocker Portuguese Ransomware Related Process From Task Manager

  • Press Ctrl+Alt+Del together on your keyboard

TM 1

  • It will Open Task manager on Windows
  • Go to Process tab, find the CryptoLocker Portuguese Ransomware related Process.


  • Now click on on End Process button to close that task.

Step: 3 Uninstall CryptoLocker Portuguese Ransomware From Windows Control Panel

  • Visit the Start menu to open the Control Panel.

Win 7 CP 1

  • Select Uninstall a Program option from Program category.

Win 7 CP 2

  • Choose and remove all CryptoLocker Portuguese Ransomware related items from list.

Win 7 CP 3

B: How to Restore CryptoLocker Portuguese Ransomware Encrypted Files

Method: 1 By Using ShadowExplorer

After removing CryptoLocker Portuguese Ransomware from PC, it is important that users should restore encrypted files. Since, ransomware encrypts almost all the stored files except the shadow copies, one should attempt to restore original files and folders using shadow copies. This is where ShadowExplorer can prove to be handy.

Download ShadowExplorer Now


  • Once downloaded, install ShadowExplorer in your PC
  • Double Click to open it and now select C: drive from left panel


  • In the date filed, users are recommended to select time frame of atleast a month ago
  • Select and browse to the folder having encrypted data
  • Right Click on the encrypted data and files
  • Choose Export option and select a specific destination for restoring the original files

Method:2 Restore Windows PC to Default Factory Settings

Following the above mentioned steps will help in removing CryptoLocker Portuguese Ransomware from PC. However, if still infection persists, users are advised to restore their Windows PC to its Default Factory Settings.

System Restore in Windows XP

  • Log on to Windows as Administrator.
  • Click Start > All Programs > Accessories.


  • Find System Tools and click System Restore


  • Select Restore my computer to an earlier time and click Next.


  • Choose a restore point when system was not infected and click Next.

System Restore Windows 7/Vista

  • Go to Start menu and find Restore in the Search box.

system restore


  • Now select the System Restore option from search results
  • From the System Restore window, click the Next button.

  • Now select a restore points when your PC was not infected.

  • Click Next and follow the instructions.

System Restore Windows 8

  • Go to the search box and type Control Panel

  • Select Control Panel and open Recovery Option.

  • Now Select Open System Restore option

  • Find out any recent restore point when your PC was not infected.

  • Click Next and follow the instructions.

System Restore Windows 10

  • Right click the Start menu and select Control Panel.

  • Open Control Panel and Find out the Recovery option.

  • Select Recovery > Open System Restore > Next.

  • Choose a restore point before infection Next > Finish.

Method:3 Using Data Recovery Software

Restore your files encrypted by CryptoLocker Portuguese Ransomware with help of Data Recovery Software

We understand how important is data for you. Incase the encrypted data cannot be restored using the above methods, users are advised to restore and recover original data using data recovery software.

Download Data Recovery Software