CryptoLocker victims can recover encrypted files

A new online portal allows the estimated 545,000 CrytoLocker victims to freely recover files that were once encrypted by the ransom-demanding malware.

CryptoLocker victims can recover encrypted files
CryptoLocker victims can recover encrypted files

Security researchers at malware defence company FireEye and Netherlands-based outfit Fox-IT built the online portal after finding a copy of CryptoLocker's database of victims after the take-down of the Gameover Zeus botnet – which was used to distribute the ransomware – three months ago.

A spokesperson for FireEye said that a back-up of CryptoLocker was transferred to their infrastructure after the take-down, at which point they discovered the database of private encryption keychains.

The DecryptCryptoLocker tool is available free online at https://www.decryptcryptolocker.com/ and lets users identify a CryptoLocker-encrypted file, upload it to the portal, receive the private key and a link to download and install the decryption tool run locally on their PC. On running the tool locally and using the private key, they should then be able to decrypt files on their PC's hard-drive.

FireEye officials have advised people to not submit files that contain sensitive or personally-identifiable information.

CryptoLocker is reported to have infected some 545,000 users on Windows PCs but was famously disrupted back in May, when various law enforcement agencies clubbed together in ‘Operation Tovar' to take control of the malware's command-and-control (C&C) infrastructure, as well as that controlling Gameover Zeus.

The attack required users to pay ransoms of £327, £317 or the equivalent in the Bitcoin virtual currency within 72 hours in order to get their files back unencrypted. A failure to pay the ransom within that time would result in the master encryption key being destroyed, meaning that users would lose the files for good.

It is estimated that only 1.3 percent of victims paid the ransom – as most were able to restore the them from back-up, but this was still enough for the cyber-criminal group behind the malware to net around US$3 million (£1.78 million). It's worth noting, however, that Bitcoin value has fluctuated widely in recent times.

The take-down saw the FBI charge alleged ringleader Evgeniy Bogachev, who is now believed to be living in Russia.

In recent times, new versions of both Gameover and CryptoLocker have emerged, with cyber-criminals quickly moving onto new infrastructure.

Page 1 of 2

Sign up to our newsletters