
New Tool Aims To Decrypt Files Lost To Cryptolocker

US security vendor FireEye and its Dutch counterpart Fox-IT have launched DecryptCryptoLocker – a free online tool that attempts to rescue any files encrypted by the Cryptolocker malware.

Cryptolocker was arguably the most talked-about malware strain of 2013. It usually spreads through emails that claim to originate from a bank or other financial institution and include an executable file disguised as an archived document, which contains the malicious code.

After encrypting the system’s storage devices, including internal and external drives, USB keys and Network-Attached Storage (NAS) devices, it gives the victim 72 hours to pay a ‘ransom’ in Bitcoin (BTC). Since it relies on industry-standard encryption, Cryptolocker has had no known antidote. The victim was faced with just two choices – pay the ransom, or lose their data. This ransom can be anything between 0.5 BTC (£172) and 3 BTC (£1034) for the encryption key.

Good news

Those who refused to pay were told they had lost the files forever. But the new tool aims to help an estimated 500,000 victims of Cryptolocker to once again unlock their files for free.

FireEye told security researcher Brian Krebs that the tool is based on the public keys recovered by Fox-IT as the criminals responsible for this nasty strain of malware were escaping the wrath of the authorities last month.

To receive an appropriate private key and decryption software, Cryptolocker victims simply need to upload a sample of an encrypted file that does not contain any sensitive information. The service is available worldwide, and does not require users to register or provide contact information.

“We are excited to work with Fox-IT to offer a free resource that can help thousands of businesses affected by the spread of CryptoLocker over the last few months,” said Darien Kindlund, director of threat intelligence at FireEye. “No matter the type of cyber breach that a business is impacted by, it is our goal to resolve them and get organisations back to normal operations as quickly as possible.”

FireEye warns that while many variants of CryptoLocker appear similar, not all of them can be tackled through the free service.

Last month, the UK’s National Crime Agency (NCA) announced Operation Tovar, a global campaign which temporarily disrupted the infrastructure behind CryptoLocker, and gave the public two weeks to make sure they are safe from infection. Meanwhile the FBI filed a criminal complaint against Evgeniy Mikhaylovich Bogachev, the Russian citizen suspected of creating the GameOver ZeuS botnet, used to spread Cryptolocker.


Max Smolaks
