Free service gives decryption keys to Cryptolocker victims

Security software and services firms Fireeye and Fox-IT have created a free online service to provide decryption keys for users whose systems have been encrypted by the ransomware known as Cryptolocker.

As Fireeye explains in a blog post, the infrastructure of Cryptolocker and some other malware was taken down in June in a coordinated campaign called Operation Tovar, but there are still cases where Cryptolocker is attacking users.

To decrypt files locked by Cryptolocker, you need a master decryption key. Go to https://www.decryptcryptolocker.com/, upload an email address and one of the encrypted files (one that should have no sensitive information). The service will analyze the file and email you back the master decryption key. You can take that key and the free decryptolocker.exe command line tool and decrypt your files. We haven't tested it, but both Fireeye and Fox-IT are clever and reputable companies. On the other hand, the first two comments to the Fireeye blog post say the tool returns an error: "Unsuccessful loading key: RSA key format is not supported" and a reply says that someone will be reaching out about the error shortly.

How do they perform this feat? The basic research seems to have been done by Kyrus Tech.

Note that there are many Cryptolocker variants with names like CryptoDefense, PowerLocker, TorLocker and CryptorBit, and the tool may not work against them.