Infected By Cryptolocker? Get Your Files Back For Free!

Status
Not open for further replies.

Cowpipe

Jun 16, 2014
Today marks the launch of a new online service provided by FireEye and Fox-IT aimed at helping victims of Cryptolocker to recover their files for free.

The service can be accessed here and comes after a major operation to grab a copy of Cryptolocker's database proved successful.

crypto2.png


For more information and to read the full blog post detailing how Cryptolocker works and how the service works, see the blog post here.

A word of caution to anyone jumping for joy: there are many variants of Cryptolocker and so using the decryption service is by no means a guarantee of getting your files back safe and sound. It is, however, another beacon of hope for innocent victims caught up in the ongoing battle against ransomware.
 
That's news for some hope at least. I notice they use that stupid scrambled word text that is very hard for a normal person to figure out. I really hate sites that use this & what is the reason for using it. :confused:
 
That's news for some hope at least. I notice they use that stupid scrambled word text that is very hard for a normal person to figure out. I really hate sites that use this & what is the reason for using it. :confused:
If I'm correct, I think it's to stop spam.
 
That's news for some hope at least. I notice they use that stupid scrambled word text that is very hard for a normal person to figure out. I really hate sites that use this & what is the reason for using it. :confused:

To verify that you are human, as opposed to an automated robot spammer.
 
Please note that FireEye is being upfront by stating that any files saved are being done so by the result of WhiteHat hacking and not by any un-encryption routine.

To give a bit of nebulous background, you may know that the group responsible for Cryptolocker was identified and subsequently busted. Prior to the shutdown, a database of all the private unlock keys was acquired by the GoodGuys. One can then compare a file that was encrypted by this strain of Cryptolocker and derive the unlock key by consulting the seized database. This is what the Service does.

Don't get me wrong- this is a good thing, but only for this specific Cryptolocker.


Fun Fact- Less than 2% of those infected actually paid the ransom to get the code to unlock their files.
 
Please note that FireEye is being upfront by stating that any files saved are being done so by the result of WhiteHat hacking and not by any un-encryption routine.

To give a bit of nebulous background, you may know that the group responsible for Cryptolocker was identified and subsequently busted. Prior to the shutdown, a database of all the private unlock keys was acquired by the GoodGuys. One can then compare a file that was encrypted by this strain of Cryptolocker and derive the unlock key by consulting the seized database. This is what the Service does.

Don't get me wrong- this is a good thing, but only for this specific Cryptolocker.


Fun Fact- Less than 2% of those infected actually paid the ransom to get the code to unlock their files.

Correct, which is why this is simply a "beacon of hope" rather than "First there was Crypto-locker, now there is Crypto-unlocker".

And interestingly that 2% accounted for approximately $30 million dollars, not bad earnings for a crook!
 
That's news for some hope at least. I notice they use that stupid scrambled word text that is very hard for a normal person to figure out. I really hate sites that use this & what is the reason for using it. :confused:

They're called CAPTCHA and some are much, much more annoying than others. The purpose, however, as others have pointed out, is to try to verify if you're human or not by producing an image which cannot be automatically analysed, for example by text recognition software (hence the distortions and lines). The reCAPTCHA series (an implementation or 'brand' of CAPTCHA) are incredibly annoying because of the way they distort the text, but they do have a secondary purpose in that the words come from old books. In entering the words you see on the screen, you're helping to digitize these old books.

There are other solutions however. SolveMedia produces a CAPTCHA system which requires you to enter in text from sponsors, which is of course, very easy to read.

captcha-ad.jpg


Although where the advertising CAPTCHAs are disabled, or where the website thinks that you're a robot, a harder CAPTCHA is delivered like this one:

widget-sec-l2.png


Notice the strong contrasting colours in the text and the irregularly shaped letters and broken lines. These are all to throw off recognition software ;)

Still, the CAPTCHA above is much easier to enter than reCAPTCHA with those annoying distortions:

PHP-Google-Captcha-reCAPTCHA.jpg


Hope that explains things a little better ;)
 
Actually they only netted about 3 million USD (still a nice day at the office).
 
Greeting!;)

FireEye:

From what I hear has a great Android Anti-virus! I would love to try their Windows and Android Anti-virus. Does anybody have a trial/demo and/or code? Thanks!
 
Hi Cowpipe

This is excellent news, the fight against Cryptolocker type malware is moving forward. Thank you for the info, it is very helpful and I've bookmarked the link. I just hope one never needs it.

Tony :)
 