CryptoLocker victims can recover encrypted files

A new online portal allows the estimated 545,000 CryptoLocker victims to freely recover files that were once encrypted by the ransom-demanding malware.

Pete Wood, IT security consultant and CEO of UK-based pentester First Base Technologies, said that the news is the latest sign that cyber-criminals 'can't get away with everything', even if they are using anonymising technologies and operating across numerous jurisdictions, and added that it shows how cyber-crime collaboration continues to improve in the public and private sector.

“It's tremendous news – I've always been a great supporter of working with law enforcement as well as you can. It's part of the social responsibility you've got to have in this space. If we can form strong links with the National Crime Agency (NCA), the Met and security services, we can all move in the same direction,” Wood said, adding that he was also encouraged that the two companies were educating users to not upload sensitive documents that could contravene the Data Protection Act or conflict with commercial interests.

But he warns that cyber-criminals are unlikely to give up with CryptoLocker, especially given its financial success.

“I would imagine so,” said Wood, on the possibility that criminals would continue to develop new iterations of the malware. “I don't imagine they would get off it that easily with it being such a successful criminal product.”

In an email with SC, veteran security researcher Graham Cluley agreed: “The criminals behind CryptoLocker won't have just rolled onto their backs and given up when their CryptoLocker revenue stream was disrupted. They'll be looking for other ways to make money.”

Wood added that while FireEye and Fox-IT had grabbed private keys, undermining the algorithm behind CryptoLocker would be another thing entirely, and said that threat actors may also have learnt something from the take-down in May.

Jonathan Care, a UK-based security technologist and architect, agreed with Wood, saying, “It's good to see security companies like FireEye and Fox-IT standing up and providing this service to the community.” He told SC by email: “What would be even better would be if they were willing to release the solution itself. Open source disclosure of "this is how we beat the bad guys" strengthens the defensive security community as a whole, and puts the bad guys on notice that their tricks are being exposed to the light of public scrutiny.”

Writing on Virus Bulletin, meanwhile, security researcher Martin Grooten warned that businesses shouldn't take this as a sign that the encryption itself has been cracked.

“While this is certainly good news for those who have had their files encrypted with this ransomware, it is important to note that the encryption itself still hasn't been cracked. Moreover, following the 'success' of CryptoLocker, many copycats have sprung up (even including one targeting NAS devices).”
