Good News for Cryptolocker Victims
All 500,000 victims of Cryptolocker can now recover the files encrypted by the malware without paying a ransom. The malicious program encrypted files on Windows computers and the hacker demanded a substantial fee before handing over the key to the scrambled files.
Thanks to security experts and law enforcement, an online portal has been created where victims can get the decryption key for free.
The portal was created after security researchers grabbed the hackers' hardware and got a copy of Cryptolocker’s database of victims.
“This time we basically got lucky,” said Michael Sandee, principal analyst at Fox-IT – one of the security firms which helped tackle the cyber-crime group behind Cryptolocker.
In late May 2014, law enforcement agencies and security companies seized a worldwide network of hijacked home computers that was being used to spread both Cryptolocker and another strain of malware known as Gameover Zeus.
This concerted action seems to have prompted an attempt by the gang to ensure one copy of their database of victims did not fall into police hands. What the criminals did not know was that law enforcement personnel and the security firms were already in control of part of the network and were able to grab the data as it was being sent.
The action also involved the FBI charging a Russian man, Evgeniy Bogachev, aka “lucky12345” and “slavik”, who is accused of being the ring leader of the gang behind Gameover Zeus and Cryptolocker.
The Gameover Zeus family of malware targets people who bank online, and is thought to have racked up millions of victims.
Cryptolocker was created by a sub-group inside the larger gang and first appeared in September 2013. Since then, it has amassed about 500,000 victims.
Those infected were initially presented with a demand for $400 – $500 or an equivalent amount in the virtual Bitcoin currency. Victims had 72 hours to pay up or the specific keys that would unlock their files would be destroyed.
Analysis of the back-up database indicates that only 1.3% of all the people hit by the malware paid the ransom.
Despite the low response rate, the gang is believed to have netted about $3m from Cryptolocker alone. Many of those caught did not pay because they were able to restore files from back-ups. However, others are believed to have lost huge amounts of important files and business documents to the cyber-thieves.
Security firms Fox-IT and FireEye – who assisted in the efforts to shut down the Gameover Zeus group – have created a portal called Decrypt Cryptolocker via which any of the 500,000 victims can find the decryption key needed to unlock their files. “All they have to do is submit a file that’s been encrypted and from that file we can figure out which encryption key was used,” said Greg Day, chief technology officer at FireEye.
People wishing to use the portal should submit a file that does not contain sensitive information to help verify which key they need.
Here’s the link: