There’s good news for people who have been affected by the Cryptolocker ransomware: security firms (FireEye and Fox-IT in the Netherlands) have apparently obtained some of the private keys that the coders of the ransomware used to encrypt the files in the first place.
The malware is a very prolific and damaging strain of “ransomware” that will “lock” files and encrypt them. The victim is then told to send a certain amount of money via Bitcoin in order to unlock the files. The victim is usually given a few days to respond and send the money, after which the ransom doubles. This was an extremely difficult ransomware to deal with, and without the proper keys it was basically impossible to recover the files.
However, it seems that FireEye and Fox-IT have somehow gotten their hands on some of the private keys. Whether they hacked the hacker or not is not clear, but it’s a great work of Robin Hooding for sure.
They have set up a website where victims can upload just one of the locked files, and they will send out a link to a recovery program suited to the encryption that has hijacked their computer.
It’s very curious how the companies obtained the keys, but it seems to be connected with the international effort “Operation Tovar” that was aimed at taking down the Gameover ZeuS botnet, a huge network of infected computers that would distribute malware, including the Cryptolocker malware.
People who have been infected can head over to https://decryptcryptolocker.com to see if the keys the companies recovered are the ones used to hijack their computer.
There’s no way to know if this is the last straw for Cryptolocker; however, it’s possible that the hackers will just add new keys to their malware.
As always, stick to well-known websites, and use anti-spyware and antivirus programs to secure your computer at all times.