
Security firms provide free decryption keys to CryptoLocker victims

updated 11:59 am EDT, Wed August 6, 2014

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, making encrypted files available again to users who chose not to pay the malware creator's ransom demand.

CryptoLocker operated by infecting a system and encrypting the majority of files on the computer's built-in storage and other connected drives. Victims had up to 72 hours to pay the ransom, typically around $500 in various currencies including Bitcoin, in order to receive the key to unlock files. According to the BBC, a database of victims was being transferred between the criminals in an effort to avoid the list falling into the hands of law enforcement, but security researchers monitored traffic in the botnet and made a copy of the transmitted data.

The Decrypt CryptoLocker site requires victims to submit one encrypted file and an e-mail address, with the site then handing a recovery program and a master decryption key to the user at no charge. "All they have to do is submit a file that's been encrypted, from that we can figure out which encryption key was used," FireEye chief technology officer Greg Day said in the report.

While estimates for ransoms paid to the group behind the malware exceed $100 million, the seized database appears to suggest that far less was paid in ransoms. Only 1.3 percent of infected systems resulted in a ransom payment, likely from users not able to restore data from backups, putting the total earned at around $3 million for CryptoLocker. The amount earned from other malware including "Gameover Zeus" is unknown, as is the cost to users and businesses affected by the malware.

Despite the efforts of security teams, such encryption-based ransomware is still being employed by criminals. The most recent instance, SynoLocker, works in a similar way by infecting some Synology NAS servers running older firmware and encrypting stored data, before demanding 0.6 bitcoin ($350) to release a key. Unfortunately, affected Synology users are not able to use this recovery method.

By Electronista Staff