DecryptCryptolocker tool decrypts Cryptolocker encrypted files for free


The 500,000 victims of the Cryptolocker ransomware can now breathe a sigh of relief: researchers have found a way for them to have their encrypted files unlocked without paying any ransom.

Two security companies, FireEye and Fox-IT, have joined forces to offer the DecryptCryptolocker tool, which lets victims decrypt files encrypted by Cryptolocker for free.

Affected users can upload one file encrypted by the malware and receive a private key along with further instructions on how to decrypt all the files with the key.

However, the companies, stressing that they will not store any files on their end, have warned users that the DecryptCryptolocker tool may not succeed in decrypting all files, as there are multiple variants of Cryptolocker.

FireEye noted in a blog post that Cryptolocker, which takes control of the system and typically demands £171 ($300) in ransom to unlock it, had garnered multi-millions in payments in just the first 2 months of distribution.

To help victims whose files are still encrypted, the company leveraged its close partnership with the security company Fox-IT and developed the decryption assistance website and corresponding tool. Through several partnerships and reverse-engineering engagements, the companies have ascertained a number of private keys associated with Cryptolocker.

“This time we basically got lucky,” said Michael Sandee, principal analyst at Fox-IT. FireEye and Fox-IT added that the remediation of infected machines is in fact somewhat difficult, but they can help users get back some of the valuable files which may still be encrypted.

The ransomware, said to be operated by Evgeniy Mikhailovich Bogachev (aka Slavik) and his gang of cyber-criminals, has reportedly infected around 600,000 systems globally since 2013. Bogachev is also the man behind the GameOver Zeus malware.

Andy Chandler, senior vice president of Fox-IT, said that his company has been tracking Bogachev for months and that, with the FireEye partnership, the companies have got a “clear picture of the criminal group.”