Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decryption keys are now freely available for victims of CryptoLocker


  • Please log in to reply
187 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,193 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:24 AM

Posted 06 August 2014 - 12:41 PM

@ All Readers

This topic was created in 2014 for help with the original CryptoLocker Ransomware which first appeared in the beginning of September 2013. The topic keeps being resurrected by folks incorrectly assuming their infection is the result of CryptoLocker ransomware when that is not the case.
 
CryptoLocker Ransomware does not exist anymore and hasn't since June 2014. There are many copycat ransomware variants which pretend to be or use the CryptoLocker name but those infections are not the same. Any references to CryptoLocker and retrieving keys for it will not work anymore.

[b]If you need assistance with a ransomware infection, please read and follow the instructions in these topics.If you need assistance with malware removal, please start a new topic in the Am I infected? What do I do? forum.

Thanks for you cooperation
The BC Staff
.
 
 
FireEye in collaboration with Fox-IT have released a way to possibly retrieve the private decryption key for those who were infected by the CryptoLocker infection. As covered extensively in the past, CryptoLocker was a ransomware program that encrypted the data files on an infected computer. In the past, the only way to decrypt your files was to pay the ransom in order to get a decryption key and decrypter. Recently, some of the servers associated with CryptoLocker and the Gameover malware distribution network were taken over by security firms and government agencies, which included FireEye and Fox-IT, during Operation Tovar. During this operation it appears that some of the decryption keys were discovered and are being made available.

In order to see if your decryption key is available, you need to go the site https://www.decryptcryptolocker.com. At this site you can upload one of your CryptoLocker encrypted files and an email address that you wish the key to be sent to. This service will then attempt to decrypt your file using all of the known private decryption keys, and if there is a match, will email you the key and instructions on how to decrypt the rest of your files.
 

decryptcryptolocker.com.jpg

In my tests the decrypter does indeed work, but can be confusing to use. If you have any questions on how to use the decrypter, feel free ask in our CryptoLocker support topic.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:24 AM

Posted 06 August 2014 - 03:11 PM

Are there any fees for decryption?


No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,193 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:24 AM

Posted 06 August 2014 - 03:14 PM

No, it's free. As I understand it (I don't have a cryptolocker infection to test with) you submit one encrypted file from your system and they will e-mail you the decryption key for all files on your system (assuming they have your key in the captured database) along with a decryption tool.


Edited by Andrew, 06 August 2014 - 03:24 PM.


#4 Uselesslight

Uselesslight

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:05:24 AM

Posted 06 August 2014 - 03:14 PM



#5 Uselesslight

Uselesslight

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:05:24 AM

Posted 06 August 2014 - 03:48 PM

With this information being widespread now, how effective will the decryption keys be once the authors of the Malware discover that keys are available for free?

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 42,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 06 August 2014 - 04:02 PM

They have no control anymore. Once the keys were taken by security firms and government agencies, the malware devs lost control.

#7 Amna Umen

Amna Umen

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 AM

Posted 06 August 2014 - 04:03 PM

With this information being widespread now, how effective will the decryption keys be once the authors of the Malware discover that keys are available for free?

 

Well considering one of the suspected malware authors is now on an FBI wanted listed and their C&C Connections have been cut I'm sure they are trying to lay low with all that cash.



#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 42,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 06 August 2014 - 04:06 PM

And probably developing a new variant as we speak ...

These types of malware are highly successful and are here to stay unfortunately. Just take a look at Synolocker. They are now targeting devices and bypassing the computer altogether.

#9 IllusionEclipse

IllusionEclipse

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chillin in my Compspace
  • Local time:11:24 PM

Posted 07 August 2014 - 03:38 AM

And probably developing a new variant as we speak ...

These types of malware are highly successful and are here to stay unfortunately. Just take a look at Synolocker. They are now targeting devices and bypassing the computer altogether.

Well at least one of the pests have been knocked aside. But yeah, last I checked there were about 3-4 other varients and whole new ransomwares such as Synolocker.

With the other varients of Cryptolocker, shouldn't the decrypting process really be easy to shoot as well?

I mean, if the other varients such as Cryptodefence and Cryptowall came from Cryptolocker. Then shouldn't some "code-fiddling" reveal a pattern in each? (Feel free to correct anything I got wrong)


An illusion is as real as the person who sees it, but wouldn't that be an illusion in and of itself?


#10 omab

omab

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 07 August 2014 - 04:32 AM

Any hope for us poor souls that got infected by CryptoWall? Surely decryption can't be too far  :clapping:


Edited by omab, 07 August 2014 - 04:32 AM.


#11 IllusionEclipse

IllusionEclipse

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chillin in my Compspace
  • Local time:11:24 PM

Posted 07 August 2014 - 05:19 AM

Any hope for us poor souls that got infected by CryptoWall? Surely decryption can't be too far  :clapping:

Well if Cryptolocker's encryption got cracked, then the rest hopefully should follow suit eventually


An illusion is as real as the person who sees it, but wouldn't that be an illusion in and of itself?


#12 ITGeekGirl

ITGeekGirl

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:07:24 AM

Posted 07 August 2014 - 07:03 AM

 

Any hope for us poor souls that got infected by CryptoWall? Surely decryption can't be too far  :clapping:

Well if Cryptolocker's encryption got cracked, then the rest hopefully should follow suit eventually

 

 

I don't think they cracked the encryption. They took control of one of the malware distributor's servers that have the keys stored on them. 

 

If I read Andrew's post correctly that is. 



#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 42,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 07 August 2014 - 08:56 AM

With the other varients of Cryptolocker, shouldn't the decrypting process really be easy to shoot as well?

I mean, if the other varients such as Cryptodefence and Cryptowall came from Cryptolocker. Then shouldn't some "code-fiddling" reveal a pattern in each? (Feel free to correct anything I got wrong)


The keys were acquired during takeover. Not cracked.

There is no evidence that CryptoDefense and CryptoWall are in any way related to CryptoLocker other than that they do the same thing.

#14 IndiGamer

IndiGamer

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US, Minnesota
  • Local time:07:24 AM

Posted 07 August 2014 - 03:15 PM

Hmmm... Are .rar files encrypted by cryptolocker? If not it might be just the right way to protect mictures and documents you want, you just need 7zip, peezip or winrar to un rar them i guess


Owner of NFinite Tech, website coming soon.

 

3614793002.png

 


#15 EffectiveBones484

EffectiveBones484

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Howling Abyss
  • Local time:06:24 AM

Posted 07 August 2014 - 07:51 PM

It's about time... The "Good Guys" just need to keep up at whatever they're doing...






8 user(s) are reading this topic

0 members, 8 guests, 0 anonymous users