back to article CryptoLocker victims offered free key to unlock ransomed files

Security researchers have released a tool that allows victims of the infamous CryptoLocker ransomware to unlock their computers at no charge. DecryptoLocker from net security firm FireEye and threat intelligence company FoxIT offers a cure for the estimated 500,000 victims of CryptoLocker. Victims need to upload a …

  1. d3rrial

    R.I.P.

    R.I.P. CryptoLocker. You were an entertaining piece of software. Congratz to the Developers $27m was it, huh? Very impressive!

  2. Anonymous Coward
    Anonymous Coward

    It was inevitable.

    NO way was this not going to get cracked. It was too high profile and no matter how strong you think your lock is, someone smarter *will* break it.

    http://forums.theregister.co.uk/forum/1/2014/01/02/cryptolocker_worm/

    First post where i said it WILL happen and it did...

    In the workds of Kryten "ah, smug mode!.

    1. Anonymous Coward
      Anonymous Coward

      Re: It was inevitable.

      It hasn't been cracked - they found a stash of private keys when raiding a control server. Presumably the naughty guys will be generating a new lot now.

      1. Version 1.0 Silver badge
        Joke

        Re: It was inevitable.

        I understand that the NSA are planning to use cryptolocker on all their top secrete files ...

    2. AbelSoul

      Re: First post where i said it WILL happen and it did...

      Except that's not quite true.

      1. Anonymous Coward
        Anonymous Coward

        Re: First post where i said it WILL happen and it did...

        In what way is it "not quite true".

        In the same way as your vauge statement is "not quite accurate".

    3. Anonymous Coward
      Anonymous Coward

      Re: It was inevitable.

      Ohh the butt hurt.....

      Cracked, hacked, decrypted, recovered keys, i dont give a monkeys HOW it was done. But it was..

      1. Sir Runcible Spoon
        Trollface

        Re: It was inevitable.

        "Cracked, hacked, decrypted, recovered keys, i dont give a monkeys HOW it was done. But it was.."

        Your lack of comprehension is disturbing.

        1. Anonymous Coward
          Anonymous Coward

          Re: It was inevitable.

          What is there about my comprehension you seem to think is lacking??

          A set of private keys were recovered, it doesnt matter how, by who or when. The simple fact is they were recovered and that allowed the decryption of probably millions of files.

          No doubt a blessed relief to a great many peeps

          If they hadn't been recovered we wouldn't be having this conversation.

          So, go on SRS, explain, what is it about my comprehension i lack?

      2. Adam 1

        Re: It was inevitable.

        >Cracked, hacked, decrypted, recovered keys, i dont give a monkeys HOW it was done. But it was..

        Thief 1: We managed to crack the uber secure super vault.

        Thief 2: Awesome! But how? We have been trying for years without success. Even the cops and even three letter agencies haven't been able to get in! That is a game changer. Can you describe how you did it?

        Thief 1: We found a spare set of keys in the wife's handbag.

  3. Anonymous Coward
    Anonymous Coward

    CERT who?

    If government funded CERT-UK were focusing on the threat of Cryptolocker et al, why has the cure been provided by two private companies?

    Completely honest question: Are CERT doing anything useful, or are they just a bunch of official hand wringers re-publishing the sort of advice that you can get on the Reg for free?

  4. Rabbit80

    Links to the decryptcryptolocker site give a 403 - forbidden error..

    1. Cipher
      Joke

      Rabbit80 posted:

      "Links to the decryptcryptolocker site give a 403 - forbidden error."

      They hace been h@Xor3d!!

  5. Joerg

    The real question is "who is really behind Cryptolocker" ?

    ... and now this partial free decrypting tool "appears" ..."like magic" ... with a statement of having reverse-engineered some private keys "left behind" ...

    The question is still there "who is really behind Cryptolocker" ?

    All this decrypting things looks fishy as hell... the truth will be never be known but it's obvious here some really bad things are going on...

    1. Steve Knox
      Facepalm

      Re: The real question is "who is really behind Cryptolocker" ?

      No, these are well-known security companies who participated in the recent takedown of some C&C servers. The tool didn't appear like magic; it's pretty well explained in the article.

      The truth is known, you just don't want to accept it.

  6. Oli 1

    Had a few clients infected with this due to bad on the ground security practices, deleted the lot and restored from online backup. Business as usual after a slightly extended lunch break...

    Do feel sorry for home users who got hit though, i heard of someone who lost their dissertation, no one but his own fault for no backup but still. Ouch...

    1. Cynic_999 Silver badge

      You mean there's someone who didn't write his dissertation in a single all-night session the day before it was due?

    2. veti Silver badge

      To protect against Cryptolocker, it's not enough to just have "backups". If all you do is copy your data files to an external drive, say, once a week, then your backups would likely be corrupted as well. What you need is "regular backups with full version history maintained".

      I don't think I know anyone who has that kind of setup at home.

      1. Alex Rose

        You know you're on the forums of an IT website, right?

        (Yes. Yes I do have that sort of setup. "Why?" I hear you ask - because as an IT professional it's really easy to set up, I also do it for my close family.)

    3. Gis Bun

      How many home users do you know back up their data?

      How many home users do you know get a nice Email with an attachment from someone they don't know and open the attachment?

  7. Anonymous Coward
    Anonymous Coward

    decryptcryptolocker...

    Brought to you by the kind people who brought you Cryptolocker!

    1. Not That Andrew

      Re: decryptcryptolocker...

      Nope, brought to you by the idiots who sold you the expensive AV that didn't detect Crytolocker

  8. btrower

    Maximum Penalties...

    This evil malware is simply the worst. I cannot think of a punishment too horrible for the perps. The sweeping human misery caused by this should be enough to lock them up for the rest of their lives. I am deadly serious.

    Regardless of the ratio of stupid to evil involved here, these are, operationally, dangerous sociopaths and should be treated that way.

    Every single nickel being spent enforcing copyrights for private interests should be redirected to hunting down these dogs. They should then be locked up with RIAA folk and periodically enough meat for one should be tossed into the cage.

    Above not nearly cruel enough so I think we should probably fund a project to invent fitting punishment. Maybe put them at the mercy of several thousand people they harmed?

    1. Mark 85 Silver badge

      Re: Maximum Penalties...

      Try this instead.... the malware people behind this get tossed into a cage with the AV vendors who didn't detect it. They can have some knifes.. maybe a chain or two. Once there's only one guy standing, we send in the hungry lions.

      1. veti Silver badge

        Re: Maximum Penalties... @Mark 85

        Contrary to what you may have seen in certain movies... drastic punishments should really be reserved for people who do something actively bad.

        People who just screw up at their job, without malice, don't deserve anything worse than - at most - being fired. Anything else just creates an environment where no-one will even try to do those jobs...

        1. Mark 85 Silver badge

          Re: Maximum Penalties... @Mark 85

          You're probably right about "actively bad". I'm just more than a bit testy about AV companies who's products don't detect known malware and block it. I'm sorta' hoping there's a special place in hell for the MS Windows folks who leave holes.... and never fix them.

    2. Gis Bun

      Re: Maximum Penalties...

      Need to put the fear in these thieves. How about 1 year in prison per $100,000 stolen....

  9. omab

    Unfortunately, it doesn't work for all Crypto infected files. I have copped a CryptoWall one, and FireEye does not recognize my infected filess :( Any help?

    1. Gis Bun
  10. Fuh Quit
    Thumb Up

    Doing encryption right

    Well the perps did do encryption right and it's only the fact that they needed infrastructure that they did not manage themselves that this "reverse" engineering can take place. Like all security, it's only as secure as the weakest link.

    And so there are 500'000 private keys "available". I bet only a fraction are used....many people have probably formatted, given up or simply moved on.

    Ransomware will continue and will become even more sophisticated. Easy money for the bad guys will ensure that.

  11. Tom 35

    Didn't work

    I got the key, but when I tried it I get the error "Unsuccessful loading key: RSA key format is not supported".

    When I check their blog I find comments to the blog post say the tool returns an error: "Unsuccessful loading key: RSA key format is not supported" and a reply says that someone will be reaching out about the error shortly.

    http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html

  12. AlbertH
    Linux

    When will people learn.....

    There is no reason to "run" any version of the MS brokenware. Migrate to a proper operating system....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021