Security experts have offered a lifeline to those affected by the Cryptolocker malware: victims can now decrypt their data for free.
An online portal called Decrypt Cryptolocker has been created by security firms Fox-IT and FireEye, where victims can obtain their encryption keys by submitting one of the encrypted files.
Greg Day, chief technology officer at FireEye, stated, “All they have to do is submit a file that’s been encrypted; from that we can figure out which encryption key was used.”
Greg Day also recommended that those who wish to utilise the portal to receive the keys should submit a file that doesn’t contain any confidential data.
Once the Cryptolocker malware was on a Windows machine or server, it would encrypt files and demand that a payment be made within 72 hours in exchange for the keys to decrypt the data. If no payment was received within that window, the keys were destroyed, rendering the encrypted data useless. It is believed that the requested payments were in the region of $400, €400 or the equivalent in the virtual Bitcoin currency.
Fox-IT and FireEye were able to create the portal after security researchers obtained a copy of Cryptolocker’s database of victims, when police forces and security firms gained control of part of the gang’s network and grabbed data as it was being sent.
The FBI have also charged a Russian man, Evgeniy Bogachev, aka “lucky12345” and “slavik”, who is accused of being the leader of the gang behind Gameover Zeus and Cryptolocker.
From analysis, it is thought that as few as 1.3% of all people who were affected by the Cryptolocker malware paid the ransom fee to get their data back. Despite such a low number of people paying, it is thought that the gang managed to earn around $3 million.
It is thought that the percentage of those who paid was so low because they either managed to recover their data from backups or simply accepted that they had lost the affected data and refused to pay.