New Tool Aims To Decrypt Files Lost To Cryptolocker

US Security vendor FireEye and its Dutch counterpart Fox-IT have launched DecryptCryptoLocker – a free online tool that attempts to rescue any files encrypted by the Cryptolocker malware.

Cryptolocker was arguably the most talked-about malware strain of 2013. It usually spreads through emails that claim to originate from a bank or other financial institution and include an executable file disguised as an archived document, which contains the malicious code.

After encrypting the system’s storage devices, including internal and external drives, USB keys and Network-Attached Storage (NAS)s, it gives the victim 72 hours to pay a ‘ransom’ in Bitcoin (BTC). Since it relies on industry-standard encryption, Cryptolocker has had no known antidote. The victim was faced with just two choices – pay the ransom, or lose their data. This ransom can be anything between 0.5 BTC (£172) and 3 BTC (£1034) for the encryption key.

Good news

Those who refused to pay were told they lost the files forever. But the new tool aims to help estimated 500,000 victims of Cryptolocker to once again unlock their files for free.

FireEye told security researcher Brian Krebs that the tool is based on the public keys recovered by Fox-IT as the criminals responsible for this nasty strain of malware were escaping the wrath of the authorities last month.

To receive an appropriate private key and decryption software, Cryptolocker victims simply need to upload a sample of an encrypted file that does not contain any sensitive information. The service is available worldwide, and does not require users to register or provide contact information.

“We are excited to work with Fox-IT to offer a free resource that can help thousands of businesses affected by the spread of CryptoLocker over the last few months,” said Darien Kindlund, director of threat intelligence at FireEye. “No matter the type of cyber breach that a business is impacted by, it is our goal to resolve them and get organisations back to normal operations as quickly as possible.”

FireEye warns that while many variants of CryptoLocker appear similar, not all of them can be tackled through the free service.

Last month, the UK’s National Crime Agency (NCA) announced Operation Tovar, a global campaign which temporarily disrupted the infrastructure behind CryptoLocker, and gave the public two weeks to make sure they are safe from infection. Meanwhile the FBI filed a criminal complaint against Evgeniy Mikhaylovich Bogachev, the Russian citizen suspected of creating the GameOver ZeuS botnet, used to spread Cryptolocker.

How well do you know network security? Try our quiz and find out!