FireEye, in collaboration with Fox-IT, has released a way to possibly retrieve the private decryption key for those who were infected by CryptoLocker.
As covered extensively in the past, CryptoLocker was a ransomware program that encrypted the data files on an infected computer. In the past, the only way to decrypt your files was to pay the ransom in order to get a decryption key and decrypter.
Recently, some of the servers associated with CryptoLocker and the Gameover malware distribution network were taken over by security firms and government agencies, which included FireEye and Fox-IT, during Operation Tovar. During this operation it appears that some of the decryption keys were discovered and are being made available.
To see if your decryption key is available, you need to go to the site decryptcryptolocker. At this site you can upload one of your CryptoLocker-encrypted files and provide an email address that you wish the key to be sent to.
This service will then attempt to decrypt your file using all of the known private decryption keys and, if there is a match, will email you the key and instructions on how to decrypt the rest of your files.
In my tests the decrypter does indeed work, but can be confusing to use.
By Besart Fejzullahu
IT Specialist