Cryptolocker victims to get files back for free

Padlock image Before now Cryptolocker victims had to pay a hefty fee to get the keys to unlock their data

Related Stories

All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.

The malicious program encrypted files on Windows computers and demanded a substantial fee before handing over the key to the scrambled files.

Thanks to security experts, an online portal has been created where victims can get the key for free.

The portal was created after security researchers grabbed a copy of Cryptolocker's database of victims.

"This time we basically got lucky," said Michael Sandee, principal analyst at Fox-IT - one of the security firms which helped tackle the cyber-crime group behind Cryptolocker.

Cash call

In late May, law enforcement agencies and security companies seized a worldwide network of hijacked home computers that was being used to spread both Cryptolocker and another strain of malware known as Gameover Zeus.

This concerted action seems to have prompted an attempt by the gang to ensure one copy of their database of victims did not fall into police hands, said Mr Sandee.

What the criminals did not know, he said, was that police forces and security firms were already in control of part of the network and were able to grab the data as it was being sent.

Evgeniy Bogachev Evgeniy Bogachev was believed to be living in Russia, the FBI said

The action also involved the FBI charging a Russian man, Evgeniy Bogachev, aka "lucky12345" and "slavik", who is accused of being the ring leader of the gang behind Gameover Zeus and Cryptolocker.

The Gameover Zeus family of malware targets people who bank online, and is thought to have racked up millions of victims.

Cryptolocker was created by a sub-group inside the larger gang, said Mr Sandee, and first appeared in September 2013, since when it has amassed about 500,000 victims.

Those infected were initially presented with a demand for $400 (£237), 400 euros ($535; £317) or an equivalent amount in the virtual Bitcoin currency. Victims had 72 hours to pay up or face the keys that would unlock their files being destroyed.

Analysis of the back-up database indicates that only 1.3% of all the people hit by the malware paid the ransom.

Despite the low response rate, the gang is believed to have netted about $3m from Cryptolocker. Many of those caught out did not pay because they were able to restore files from back-ups.

However, others are believed to have lost huge amounts of important files and business documents to the cyber-thieves.

"There's a bit of guesswork in that figure because some of it was paid in bitcoins and that does not have a fixed exchange rate," said Mr Sandee.

Now, security firms Fox-IT and FireEye - which aided the effort to shut down the Gameover Zeus group - have created a portal, called Decrypt Cryptolocker, via which any of the 500,000 victims can find out the key to unlock their files.

"All they have to do is submit a file that's been encrypted from that we can figure out which encryption key was used," said Greg Day, chief technology officer at FireEye.

Mr Day said people wishing to use the portal should submit a file that did not contain sensitive information to help it verify which key they needed.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Thinkstock)

Five craziest space missions?

Landing on a comet is easy by comparison Read more...

Programmes

  • A prosthetic legClick Watch

    How motion capture technology is being used to design bespoke prosthetics

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.