AAPL Stock: 118.03 ( -0.85 )

Printed from

Security firms provide free decryption keys to CryptoLocker victims

updated 11:59 am EDT, Wed August 6, 2014

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, allowing for encrypted files to become available to users who chose not to pay the malware creator's ransom demand.

CryptoLocker operated by infecting a system, encrypting the majority of files on the computer's built-in storage and other connected drives. Victims had up to 72 hours to pay the ransom, typically around $500 in various currencies including Bitcoin, in order to receive the key to unlock files. According to the BBC, a database of victims was being transferred between the criminals in an effort to avoid the list falling into the hands of law enforcement, but security researchers monitored traffic in the botnet and made a copy of the transmitted data.

The Decrypt CryptoLocker site requires victims to submit one encrypted file and an e-mail address, with the site then handing a recovery program and a master decryption key to the user at no charge. "All they have to do is submit a file that's been encrypted, from that we can figure out which encryption key was used," advised FireEye chief technology officer Greg Day to the report.

While estimates for ransoms paid to the group behind the malware exceed $100 million, the seized database appears to suggest far less in the way of ransoms were paid. Only 1.3 percent of infected systems resulted in a ransom payment, likely from users not able to restore data from backups, putting the total earned at around $3 million for CryptoLocker. The amount earned from other malware including "Gameover Zeus" is unknown, nor is the cost to users and businesses affected by the malware.

Despite the efforts of security teams, such encryption-based ransomware is still being employed by criminals. The most recent instance, SynoLocker, works in a similar way by infecting some Synology NAS servers using older firmware and encrypting stored data, before demanding 0.6 bitcoin ($350) to release a key. Unfortunately, affected Synology users are not able to use this recovery method.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented