Can Cryptolocker (Or Other Ransomware) Encrypt Files That Are Already Encrypted?

Yes they are still vulnerable. Encryption just transforms a sequence of bits into another sequence of bits (and assuming the encryption is good it will be computationally infeasible to reverse this process without knowledge of some secret). There's no reason why encryption can't be performed again on an already encrypted sequence of bits.

It's possible certain ransomware implementations might look for specific files that are likely to be of high value, and encrypting these files might make them more difficult to recognise. However, I would not depend on this as my primary control against the threat of ransomware.


As thexacre says, each encryption algorithm maps one set of bits to another. To give a live example, consider the following hashes:

 md5(Good morning America)             = 4c8112d7d9b81847c17d053182633472
sha1(4c8112d7d9b81847c17d053182633472) = eb5da658e171a2a8fbb07c702939bd3d273de049

If you were to crack eb5da658e171a2a8fbb07c702939bd3d273de049, you'd get 4c8112d7d9b81847c17d053182633472 back as the result. If you cracked that, you'd get "Good morning America" back as a result.

This example isn't a pair of encryption schemes, but it does show two different functions that map one set of bits to another, being used in succession with no problem – the same thing which would happen with ransomware encrypting your encrypted file. This process is, essentially, function composition:

             my-encryption: X → Y
                ransomware: Y → Z

ransomware ∘ my-encrpytion: X → Z

(In case it's not obvious, X is the original file, Y is your encrypted file, and Z is the file that the ransomware is holding hostage.)

Your encryption scheme knows how to figure out Y → X (when combined with whatever secret is required), and the ransomware knows how to figure out Z → Y, but nobody knows how to figure out Z → X.


Encrypting an already encrypted file, is like putting a safe inside another safe. But then crypotlocker will then have your encrypted file inside its safe. So, sorry this will not protect you.

There is a service here: https://www.decryptcryptolocker.com/ That you can use for retrieval should you have files that are encrypted with cryptolocker.

And to guard against this attack it is best to use an antivirus software such as Kaspersky or NOD32 they are by no means bullet proof but should guard you somewhat.