
Free service gives decryption keys to Cryptolocker victims

Thanks to a couple of security firms, users can decrypt their Cryptolocked files without paying the ransom.

Security software and services firms FireEye and Fox-IT have created a free online service to provide decryption keys for users whose systems have been encrypted by the ransomware known as Cryptolocker.

As FireEye explains in a blog post, the infrastructure of Cryptolocker and some other malware was taken down in June in a coordinated campaign called Operation Tovar, but there are still cases where Cryptolocker is attacking users.


To decrypt files locked by Cryptolocker, you need a master decryption key. Go to https://www.decryptcryptolocker.com/, enter an email address and upload one of the encrypted files (one that should have no sensitive information). The service will analyze the file and email you back the master decryption key. You can then use that key with the free decryptolocker.exe command line tool to decrypt your files. We haven't tested it, but both FireEye and Fox-IT are clever and reputable companies. On the other hand, the first two comments on the FireEye blog post say the tool returns an error: "Unsuccessful loading key: RSA key format is not supported" and a reply says that someone will be reaching out about the error shortly.

How do they perform this feat? The basic research seems to have been done by Kyrus Tech.

Note that there are many Cryptolocker variants with names like CryptoDefense, PowerLocker, TorLocker and CryptorBit, and the tool may not work against them.
