Printed from

Security firms provide free decryption keys to CryptoLocker victims

updated 11:59 am EDT, Wed August 6, 2014

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, allowing for encrypted files to become available to users who chose not to pay the malware creator's ransom demand.

CryptoLocker operated by infecting a system, encrypting the majority of files on the computer's built-in storage and other connected drives. Victims had up to 72 hours to pay the ransom, typically around $500 in various currencies including Bitcoin, in order to receive the key to unlock files. According to the BBC, a database of victims was being transferred between the criminals in an effort to avoid the list falling into the hands of law enforcement, but security researchers monitored traffic in the botnet and made a copy of the transmitted data.

The Decrypt CryptoLocker site requires victims to submit one encrypted file and an e-mail address, with the site then handing a recovery program and a master decryption key to the user at no charge. "All they have to do is submit a file that's been encrypted, from that we can figure out which encryption key was used," advised FireEye chief technology officer Greg Day to the report.

While estimates for ransoms paid to the group behind the malware exceed $100 million, the seized database appears to suggest far less in the way of ransoms were paid. Only 1.3 percent of infected systems resulted in a ransom payment, likely from users not able to restore data from backups, putting the total earned at around $3 million for CryptoLocker. The amount earned from other malware including "Gameover Zeus" is unknown, nor is the cost to users and businesses affected by the malware.

Despite the efforts of security teams, such encryption-based ransomware is still being employed by criminals. The most recent instance, SynoLocker, works in a similar way by infecting some Synology NAS servers using older firmware and encrypting stored data, before demanding 0.6 bitcoin ($350) to release a key. Unfortunately, affected Synology users are not able to use this recovery method.

By Electronista Staff
Post tools:




Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...



Most Commented


Popular News