- Apr 25, 2013
- 5,355
A few weeks back we reported on the launch of a free tool to help out CryptoLocker victimsallowing them to retrieve locked files.
One of the companies behind the DecryptCryptoLocker tool, Fox-IT, has released some details of how well it's working. It has so far dealt with 2,900 requests for decryption keys and dozens more are being received on a daily basis.
Decryption requests have come in from around the world with most being from the US with 1,933 and the UK with 546. The most common file type being decrypted is PDF closely followed by .doc files.
Fox-IT's blog notes that new players are still trying to fill the vacuum left by the demise of P2P Zeus. "Parts of the inject code have reappeared in other botnets, we are tracking new malware variants being developed which appear to re-use or build upon parts of P2P Zeus and there is an upsurge activity from Gozi, Bugat and other existing malware variants. This means some of the high profile customers of P2P Zeus are looking for a new custom piece of malware while others customers simply joined other existing operations like Gozi".
It also points out that CryptoLocker made significant income for its operators which has led to a renewed interest in ransomware.
The DecryptCryptoLocker tool is still available for victims who need to unlock their files.
One of the companies behind the DecryptCryptoLocker tool, Fox-IT, has released some details of how well it's working. It has so far dealt with 2,900 requests for decryption keys and dozens more are being received on a daily basis.
Decryption requests have come in from around the world with most being from the US with 1,933 and the UK with 546. The most common file type being decrypted is PDF closely followed by .doc files.
Fox-IT's blog notes that new players are still trying to fill the vacuum left by the demise of P2P Zeus. "Parts of the inject code have reappeared in other botnets, we are tracking new malware variants being developed which appear to re-use or build upon parts of P2P Zeus and there is an upsurge activity from Gozi, Bugat and other existing malware variants. This means some of the high profile customers of P2P Zeus are looking for a new custom piece of malware while others customers simply joined other existing operations like Gozi".
It also points out that CryptoLocker made significant income for its operators which has led to a renewed interest in ransomware.
The DecryptCryptoLocker tool is still available for victims who need to unlock their files.
