
Security firms provide free decryption keys to CryptoLocker victims

updated 11:59 am EDT, Wed August 6, 2014

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, making encrypted files available again to users who chose not to pay the malware creator's ransom demand.

CryptoLocker operated by infecting a system and encrypting the majority of files on the computer's built-in storage and other connected drives. Victims had up to 72 hours to pay the ransom, typically around $500 in various currencies including Bitcoin, in order to receive the key to unlock files. According to the BBC, a database of victims was being transferred between the criminals in an effort to avoid the list falling into the hands of law enforcement, but security researchers monitored traffic in the botnet and made a copy of the transmitted data.

The Decrypt CryptoLocker site requires victims to submit one encrypted file and an e-mail address; the site then provides a recovery program and a master decryption key to the user at no charge. "All they have to do is submit a file that's been encrypted, from that we can figure out which encryption key was used," said FireEye chief technology officer Greg Day in the report.

While estimates for ransoms paid to the group behind the malware exceed $100 million, the seized database appears to suggest that far less was paid in ransoms. Only 1.3 percent of infected systems resulted in a ransom payment, likely from users not able to restore data from backups, putting the total earned at around $3 million for CryptoLocker. The amount earned from other malware including "Gameover Zeus" is unknown, as is the cost to users and businesses affected by the malware.

Despite the efforts of security teams, such encryption-based ransomware is still being employed by criminals. The most recent instance, SynoLocker, works in a similar way: it infects some Synology NAS servers running older firmware and encrypts stored data, before demanding 0.6 bitcoin ($350) to release a key. Unfortunately, affected Synology users are not able to use this recovery method.

By Electronista Staff