Whitehats recover, release keys to CryptoLocker ransomware
Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.
Through a partnership that included FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims’ personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content.
To use the free service, victims must upload one of the files encrypted by CryptoLocker along with the e-mail address where they want the secret key delivered. Both FOX-IT and FireEye are reputable security companies, but readers are nonetheless advised to upload only non-sensitive files that contain no personal information.
This latest blow against CryptoLocker comes two months after law enforcement agencies around the world disrupted a sprawling botnet that helped distribute CryptoLocker and other malware. Dubbed “Operation Tovar,” the legal action largely neutralized the malicious network and the fallback mechanisms used to keep malware infections in place on 500,000 to one million computers.
In a blog post published Wednesday, FireEye researchers wrote:
Operation Tovar made a clear impact on the distribution of and infection of machines by CryptoLocker. However, there have been no known avenues available designed to help users get their encrypted files back without making significant payments to those responsible for infecting machines in the first place. While the remediation of infected machines can be somewhat difficult, hopefully with the help of https://www.decryptCryptoLocker.com and Decryptolocker.exe, we can help you get back some of the valuable files that may still be encrypted.
As always, to help prevent a threat like this from affecting you and your data, ensure you back up your data. Ideally, this would be done in at least two locations: one would be on premises (such as an external hard drive), and the other would be off premises (such as cloud storage).
According to the BBC, an analysis of the data seized by the whitehat hackers indicated that 1.3 percent of CryptoLocker victims paid the ransom to decrypt their personal data. That figure means the operators may have generated revenue as high as $3 million.