A Great Big City

Decrypt Your CryptoLocker Files


CryptoLocker was an insidious computer virus from 2013 that attacked a user's computer through an email attachment, scrambled any documents it found by encrypting them, then held onto the secret key that would decrypt the files. If you paid the scammers a ransom of around $400, they would send back the encryption key to unlock your files.

Until now, if you didn't pay that ransom or didn't have a safe backup of your files, there was no way to recover your documents. After a recent takedown of a global botnet that distributed CryptoLocker, some of the keys necessary to unlock encrypted files were found, and you can now see if your key is available by uploading a test file to this website provided by FireEye and Fox-IT. The process involves uploading one of your encrypted files and providing an email address. If the file is able to be decrypted by one of the keys they obtained, they will email you the key and a link to their decryption program.

How FireEye and Fox-IT obtained the keys isn't stated clearly. This is as deep as the explanation goes on their site:

Through various partnerships and reverse engineering engagements, Fox-IT and FireEye have ascertained many of the private keys associated with CryptoLocker. Having these private keys allows for decryption of files that are encrypted by CryptoLocker.

Given that CryptoLocker functioned by generating the secret key on a server, it's possible some of those keys were found on servers seized in the botnet takedown. If you've been hit by CryptoLocker, trying to decrypt your files using DecryptoLocker is certainly safer than paying the ransom, but always exercise caution when handing any personal info over to a website and running a downloaded program!

Learn more about the specifics of CryptoLocker and the recovery process in this FireEye blog post.

(Image via Tyler Nienhouse on Flickr)

h/t SecurityWeek
