Unlocking the CryptoLocker

For those who have not heard of CryptoLocker, thank your lucky stars that you were not one of the estimated 500,000 victims affected by this ransomware. If you were unfortunately affected, or are simply curious to find out how to decrypt the files it locked, read on.

What is CryptoLocker?

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows. A CryptoLocker attack may come from various sources; one of them is an email attachment disguised as legitimate. Once it worms its way into your system, it encrypts all of your files using strong 256-bit AES cryptography, which can only be unlocked with a private key.

What happened if someone fell victim to an attack?

The attacker demanded Bitcoins equating to around $300 USD in exchange for the key, or else the files stayed encrypted forever. According to the BBC, 1.3 percent of victims paid to retrieve their files, totaling approximately $3 million USD before the criminal network was smashed by authorities and security researchers in May.

The solution is here – for free!

Researchers from FireEye and Fox-IT have managed to recover the private encryption keys used by CryptoLocker’s authors, as well as reverse-engineer the code powering the malware itself. Together they have launched DecryptCryptoLocker, a free tool to assist victims of the CryptoLocker ransomware.

Use DecryptCryptoLocker here

However, FireEye warns that some data might not be recoverable, particularly if you’ve been infected by a CryptoLocker variant rather than CryptoLocker itself. “While these variants do appear similar to CryptoLocker, this tool may not be successful in all decryption processes because of code and functionality variances.”

How can I protect myself and my business from such attacks?

There are various preventative measures you can take, from changes to your daily routines to restructuring your IT systems. Here are a few we recommend:

  • If you receive an email with a suspicious attachment, do not click on it – this is especially so for files with .exe extensions (or .zip files containing .exe files)
  • Ask your IT department or service provider to block the above-mentioned file types from emails
  • Install or upgrade your email security to filter out spam more effectively
  • Show hidden file extensions – CryptoLocker frequently arrived in a file named with the extension “.PDF.EXE”, so enable your computer’s ability to show the full file extension to spot suspicious files more easily
  • Back up your data regularly
  • Utilise external services to store backups in the cloud – ransomware such as CryptoLocker also affects files that are on mapped drives, so backing up to a cloud server ensures that your files are protected from such attacks
    (Learn more on protecting your business in the cloud from our previous post)
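
The attachment rules in the list above (block .exe files, .zip files containing them, and decoy double extensions such as “.PDF.EXE”) can be enforced automatically at a mail gateway. The sketch below is an added example, not code from the original post or from any product it mentions; the extension lists, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy lists: the post names only .exe; the rest are illustrative.
BLOCKED_EXTS = {".exe", ".scr", ".com"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
MAX_DEPTH = 2                 # nested-archive levels to open (assumed limit)
MAX_MEMBER_BYTES = 5_000_000  # skip huge nested members (zip-bomb guard)

def check_name(name):
    """Return the reasons a file name should be blocked (empty list if none)."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    clean = name.replace("\\", "/").rstrip(" .")
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in BLOCKED_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double extension " + "".join(suffixes[-2:]))
    return reasons

def scan_attachment(filename, data, depth=0):
    """Return (path, reason) findings for an attachment and any .zip contents."""
    findings = [(filename, r) for r in check_name(filename)]
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            member = filename + "!" + info.filename
            nested = info.filename.lower().endswith(".zip")
            encrypted = bool(info.flag_bits & 0x1)
            if nested and not encrypted and info.file_size <= MAX_MEMBER_BYTES:
                findings += scan_attachment(member, archive.read(info), depth + 1)
            else:
                findings += [(member, r) for r in check_name(info.filename)]
    return findings

def build_sample_zip():
    """Constructed sample: a zip holding a decoy-named file of placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_2013.PDF.EXE", b"constructed placeholder")
        archive.writestr("readme.txt", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for path, reason in scan_attachment("docs.zip", build_sample_zip()):
        print(path, "->", reason)
```

Only file names are inspected, so a gateway would pair this with content-type checks; an empty result means the attachment passed these name rules, not that it is safe.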

In a world where we rely heavily on technology for both work and personal uses, we must be prepared for the worst and protect ourselves at all times from attacks and other disasters. Speak to your managed services provider today to learn more about protecting your valuable business assets.