Victims of the infamous ransomware CryptoLocker now have some relief in the form of a free decryption tool that recovers their files held for ransom.
FireEye and security research firm Fox IT have released a tool called DecryptoLocker, which provides a private key that’s able to decrypt files encrypted by CryptoLocker. Users simply need to upload a file encrypted by CryptoLocker, and the site will email the user a private key used for decryption.
In a blog post, Kyle Wilhoit and Uttang Dawda from FireEye explain that this tool is possible because an international law enforcement effort called Operation Tovar was able to commandeer key servers used by the Gameover ZeuS botnet, the infrastructure used to distribute the CryptoLocker ransomware. Authorities obtained a cache of private keys from the servers, which allowed FireEye and Fox IT to develop this tool.
According to reports, approximately 545,000 computers worldwide were infected with CryptoLocker between September 2013 and May 2014. The proprietors of CryptoLocker have reportedly made nearly $27 million in ransom fees — mostly through Bitcoin — from users seeking to decrypt their files held hostage for a $300 fee on average.
As CryptoLocker’s encryption scheme isn’t broken — authorities only obtained a cache of keys — it might be impossible to recover all of the data for some users, particularly if the user has been infected by one of CryptoLocker’s variants.