We’ve blogged previously about a nasty piece of ransomware called CryptoLocker, which gives its victims a difficult choice: Either pay the “ransom” ($400, although other variants may have different fees) to re-gain access to your files or lose your valuable data forever. However, as of earlier this month, victims have a third choice that may result in full recovery of their files.
Two security firms – FireEye in California and Fox-IT in the Netherlands – announced the collaborative launch of a new service that victims can use to recover their stolen files.
How does the service work? At the website – Decryptcryptolocker.com – victims provide an email address. They are then prompted to upload one file that has been encrypted by CryptoLocker. The service will email a link that victims can use to download a recovery program and a key to decrypt all of their scrambled files—the same key that CryptoLocker’s creators were once charging victims for, now available for free. This press release provides complete details on this free service, which is available globally and does not require users to provide contact information (just an email address so they can receive the decryption key).
FireEye and Fox-IT apparently obtained the necessary technology from “Operation Tovar,” an international effort in June that sought to takedown the CryptoLocker distribution network.
FireEye, one of the preeminent security firms in the U.S., acquired Mandient earlier this year. Mandient is a preeminent player in the US which generated national publicity last year with their expose regarding the cyber espionage operations of China’s People’s Liberation Army. (See https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/ for a fascinating read.)
