Free service gives decryption keys to Cryptolocker victims

Summary:Thanks to a couple of security firms, users can unencrypt their Cryptolocked files without paying the ransom.

Security software and services firms Fireeye and Fox-IT have created a free online service to provide decryption keys for users whose systems have been encrypted by the ransomware known as Cryptolocker.

As Fireeye explains in a blog post, the infrastructure of Cryptolocker and some other malware was taken down in June in a coordinated campaign called Operation Tovar, but there are still cases where Cryptolocker is attacking users.

To decrypt files locked by Cryptolocker, you need a master decryption key. Go to, upload an email address and one of the encrypted files (one that should have no sensitive information). The service will analyze the file and email you back the master decryption key. You can take that key and the free decryptolocker.exe command line tool and decrypt your files. We haven't tested it, but both Fireeye and Fox-IT are clever and reputable companies. On the other hand, the first two comments to the Fireeye blog post say the tool returns an error: "Unsuccessful loading key: RSA key format is not supported" and a reply says that someone will be reaching out about the error shortly.

How do they perform this feat? The basic research seems to have been done by Kyrus Tech.

Note that there are many Cryptolocker variants with names like CryptoDefense, PowerLocker, TorLocker and CryptorBit, and the tool may not work against them.


Topics: Security


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.