CryptoLocker decrypted: Researchers reveal website that frees your files from ransomware
By Brad Chacos, PC World | August 6th, 2014
CryptoLocker is a nasty bit of ransomware that encrypts all your files unless you pay, but Fox-IT and FireEye can help you for free.
The CryptoLocker ransomware is as simple as it is devastating: Once it worms its way onto your system, it encrypts all of your precious files using strong AES-256-bit cryptography, which is virtually impossible to break if you don’t know the private key (read: secret code) required to unlock it. Pay the attackers $300, and they’ll give you the key. Don’t pay, and your files stay scrambled forever.
Researchers from FireEye and Fox-IT have managed to recover the private encryption keys used by CryptoLocker’s authors, as well as reverse-engineer the code powering the malware itself–meaning the firms can unlock your files. And while they could no doubt make a pretty penny selling that service to victims at a price far less than CryptoLocker’s $300 Bitcoin ransom, the security firms are taking the high road, and providing the private key details for free via the just-launched Decrypt CryptoLocker website.
The process couldn’t be easier: Simply send the site one of the CryptoLocker-encrypted files on your PC, along with an email address. It’ll scan the file to figure out the encryption specifics, then send you a recovery program and master key that can be used to rescue your ransomed data.
BBC reports that 500,000 people fell victim to CryptoLocker, with 1.3 percent forking over cash to free their files. In other words, the malware earned its makers around $3 million before the criminal network was smashed by authorities and security researchers in May.
Variants are still scuttling around the web, however. Beyond using security software and safe browsing practices, the best offense against ransomware is a strong defense. Making regular backups will let you easily recover your data if your PC ever falls prey to an encryption-based attack.