Threat Level: green Handler on Duty: Richard Porter

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Free Service to Help CryptoLocker Victims by FireEye and Fox-IT

Published: 2014-08-06
Last Updated: 2014-08-07 00:25:37 UTC
by Chris Mohan (Version: 1)
2 comment(s)

Various Internet Storm Center Handlers have written Diaries on the malware called CryptoLocker, a nasty piece of malware which encrypting the files of the systems it infects, then gives victims 72 hours to pay the ransom to receive a private key that decrypts those files. There are still victims out there with encrypted files, and if you're one of them or know of someone affected, the folks at FireEye and Fox-IT have created a web portal to decrypt those files. 

This is a free service for any afflicted by CryptoLocker, many of which are small businesses without the resources to deal with this properly, so let people know.

Using the site is very straight forward (Steps taken from the FireEye blog[1]):

How to use the DecryptCryptoLocker tool

Users need to connect to the 
Identify a single, CryptoLocker-encrypted file that they believe does not contain sensitive information.
Upload the non-sensitive encrypted file to the DecryptCryptoLocker portal.
Receive a private key from the portal and a link to download and install a decryption tool that can be run locally on their computer.
Run the decryption tool locally on their computer, using the provided private key, to decrypt the encrypted files on their hard drive.
DecryptCryptoLocker is available globally and does not require users to register or provide contact information.

This is a fantastic resource from both FireEye and Fox-IT, so thanks to all involved in making this happen and making it free to use.

For more background on CryptoLocker from Fox-IT, read their CryptoLocker ransomware intelligence report [2].




Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: malware tool
2 comment(s)
Diary Archives