This topic was created in 2014 for help with the original CryptoLocker Ransomware which first appeared in the beginning of September 2013. The topic keeps being resurrected by folks incorrectly assuming their infection is the result of CryptoLocker ransomware when that is not the case.
CryptoLocker Ransomware does not exist anymore and hasn't since June 2014. There are many copycat ransomware variants which pretend to be or use the CryptoLocker name but those infections are not the same. Any references to CryptoLocker and retrieving keys for it will not work anymore.
[b]If you need assistance with a ransomware infection, please read and follow the instructions in these topics.
- How to Post a Topic Asking for Help With Ransomware
- ID Ransomware for assistance with identification and confirmation
Thanks for you cooperation
The BC Staff
FireEye in collaboration with Fox-IT have released a way to possibly retrieve the private decryption key for those who were infected by the CryptoLocker infection. As covered extensively in the past, CryptoLocker was a ransomware program that encrypted the data files on an infected computer. In the past, the only way to decrypt your files was to pay the ransom in order to get a decryption key and decrypter. Recently, some of the servers associated with CryptoLocker and the Gameover malware distribution network were taken over by security firms and government agencies, which included FireEye and Fox-IT, during Operation Tovar. During this operation it appears that some of the decryption keys were discovered and are being made available.
In order to see if your decryption key is available, you need to go the site https://www.decryptcryptolocker.com. At this site you can upload one of your CryptoLocker encrypted files and an email address that you wish the key to be sent to. This service will then attempt to decrypt your file using all of the known private decryption keys, and if there is a match, will email you the key and instructions on how to decrypt the rest of your files.
In my tests the decrypter does indeed work, but can be confusing to use. If you have any questions on how to use the decrypter, feel free ask in our CryptoLocker support topic.