Free Service to Help CryptoLocker Victims by FireEye and Fox-IT

Various Internet Storm Center Handlers have written Diaries on CryptoLocker, a nasty piece of malware that encrypts the files on the systems it infects, then gives victims 72 hours to pay the ransom to receive a private key that decrypts those files. There are still victims out there with encrypted files, and if you're one of them or know of someone affected, the folks at FireEye and Fox-IT have created a web portal, https://www.decryptcryptolocker.com/, to decrypt those files.

This is a free service for anyone afflicted by CryptoLocker, many of whom are small businesses without the resources to deal with this properly, so let people know.

Using the site is very straightforward (steps taken from the FireEye blog [1]):

How to use the DecryptCryptoLocker tool

1. Users need to connect to https://www.decryptcryptolocker.com/
2. Identify a single, CryptoLocker-encrypted file that they believe does not contain sensitive information.
3. Upload the non-sensitive encrypted file to the DecryptCryptoLocker portal.
4. Receive a private key from the portal and a link to download and install a decryption tool that can be run locally on their computer.
5. Run the decryption tool locally on their computer, using the provided private key, to decrypt the encrypted files on their hard drive.

DecryptCryptoLocker is available globally and does not require users to register or provide contact information.

This is a fantastic resource from both FireEye and Fox-IT, so thanks to all involved in making this happen and making it free to use.

For more background on CryptoLocker from Fox-IT, read their CryptoLocker ransomware intelligence report [2].

 

[1] http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html

[2] http://blog.fox-it.com/2014/08/06/cryptolocker-ransomware-intelligence-report/

Chris Mohan --- Internet Storm Center Handler on Duty

Chris

105 Posts
ISC Handler
This is awesome. I have seen this in many cyber security related sites. Their audiences are least likely to benefit though. I have made efforts to inform mainstream media of this news. Their audiences are much more likely to benefit from this.
G.Scott H.

48 Posts
Very nice - it will hopefully help a lot of people that lost their data.

And we could always hope that everyone now has offline backups, or backups that support going back to previous versions of files / folders. So we'll come out of this stronger and wiser! ;)

A nice touch at the FAQ page for the service:
"Anonymous" asks a question - and FireEye answers "Kevin – someone will be reaching out about the issue shortly."
:D

---

PS: Future / other variants should be expected to have a "fix" to close the implementation bug this recovery service appears to be taking advantage of...
dotBATman

63 Posts