CryptoLocker decrypted: Researchers reveal website that frees your files from ransomware

CryptoLocker is a nasty bit of ransomware that encrypts all your files unless you pay, but Fox-IT and FireEye can help you for free.

The CryptoLocker ransomware is as simple as it is devastating: Once it worms its way onto your system, it encrypts all of your precious files using strong AES-256-bit cryptography, which is virtually impossible to break if you don't know the private key (read: secret code) required to unlock it. Pay the attackers $300, and they'll give you the key. Don't pay, and your files stay scrambled forever.

Until now.

Researchers from FireEye and Fox-IT have managed to recover the private encryption keys used by CryptoLocker's authors, as well as reverse-engineer the code powering the malware itself, meaning the firms can unlock your files. And while they could no doubt make a pretty penny selling that service to victims at a price far less than CryptoLocker's $300 Bitcoin ransom, the security firms are taking the high road, and providing the private key details for free via the just-launched Decrypt CryptoLocker website.

The process couldn't be easier: Simply send the site one of the CryptoLocker-encrypted files on your PC, along with an email address. It'll scan the file to figure out the encryption specifics, then send you a recovery program and master key that can be used to rescue your ransomed data.

FireEye warns that some data might not be recoverable, particularly if you've been infected by a CryptoLocker variant rather than CryptoLocker itself.

BBC reports that 500,000 people fell victim to CryptoLocker, with 1.3 percent forking over cash to free their files. In other words, the malware earned its makers around $3 million before the criminal network was smashed by authorities and security researchers in May.

Variants are still scuttling around the web, however. Beyond using security software and safe browsing practices, the best offense against ransomware is a strong defense. Making regular backups will let you easily recover your data if your PC ever falls prey to an encryption-based attack.
