Boffins at Fox-IT and FireEye have teamed up to provide a free service – decryptolocker.com – to help anyone who has fallen foul of the notorious CryptoLocker malware that encrypts computer files and demands a ransom be paid for the decryption key.
To use the DecryptoLocker service, CryptoLocker victims will need to:
- Identify a single, Cryptolocker-encrypted file that they believe does not contain sensitive information, and upload it to the DecryptoLocker portal. I’m sure the service would work on a file containing sensitive information, but it’s obviously bad practice to upload such a file to the service.
- Wait to receive a private key from the portal and a link to download and install a decryption tool that can be run locally on their computer.
- Run the decryption tool locally on their computer, using the provided private key, to decrypt all of the encrypted files on their hard drive.
Sounds neat – and if the service wasn’t supplied by trusted, established security experts like Fox-IT and FireEye I would tell people to be suspicious. But this appears to be the real deal – and will be a godsend to users who thought they had lost access to their data forever.
Ronald Prins of Fox-IT confirmed on Twitter that it was possible to create the DecryptoLocker service after researchers managed to access the criminals’ database of private keys.
So, it’s still the case that CryptoLocker’s encryption hasn’t actually been cracked, but that doesn’t matter for victims who don’t have access to a backup, or who balked at the idea of paying money to extortionists.
CryptoLocker was a big problem, hitting some 600,000 computer users around the globe, so it’s good to see both law enforcement and the security industry fighting back.
Let’s hope that the authorities manage to get their hands on Evgeniy Mikhailovich Bogachev (also known as “Slavik”). 30-year-old Bogachev is the alleged mastermind of the gang that spread the GameOver Zeus (“GOZ”) malware and CryptoLocker ransomware, and was the subject of a recent FBI “Wanted Poster”.
Andy Chandler, senior vice president of Fox-IT, tells me that his company has been tracking Slavik for months, and in partnership with FireEye a clear picture of the criminal group has emerged. Maybe if the current political situation improves we can hope to see more action taken against him and the rest of the CryptoLocker/GameOver Zeus gang.
But for now, if you were a victim of CryptoLocker and chose not to pay up (good for you!), there’s a new way to get your data back: decryptolocker.com.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.