Decrypt Your CryptoLocker Files

Locked via Tyler Nienhouse on Flickr

CryptoLocker was an insidious computer virus from 2013 that attacked a user's computer through an email attachment, scrambled any documents it found by encrypting them, then held onto the secret key that would decrypt the files. If you paid the scammers a ransom of around $400, they would send back the encryption key to unlock your files.

Until now, if you didn't pay that ransom or didn't have a safe backup of your files, there was no way to recover your documents. After a recent takedown of a global botnet that distributed CryptoLocker, some of the keys necessary to unlock encrypted files were found, and you can now see if your key is available by uploading a test file to this website provided by FireEye and Fox-IT. The process involves uploading one of your encrypted files and providing an email address. If the file can be decrypted by one of the keys they obtained, they will email you the key and a link to their decryption program.

How FireEye and Fox-IT obtained the keys isn't stated clearly. This is as deep as the explanation goes on their site:

Through various partnerships and reverse engineering engagements, Fox-IT and FireEye have ascertained many of the private keys associated with CryptoLocker. Having these private keys allows for decryption of files that are encrypted by CryptoLocker.

Given that CryptoLocker functioned by generating the secret key on a server, it's possible some of those keys were found on servers seized in the botnet takedown. If you've been hit by CryptoLocker, trying to decrypt your files using DecryptoLocker is certainly safer than paying the ransom, but always exercise caution when handing any personal info over to a website and running a downloaded program!

Learn more about the specifics of CryptoLocker and the recovery process in this FireEye blog post.


h/t SecurityWeek
