
CryptoLocker victims offered free key to unlock ransomed files

Plus: One in four CERT cases relate to malware


Security researchers have released a tool that allows victims of the infamous CryptoLocker ransomware to unlock their computers at no charge.

DecryptCryptoLocker, from net security firm FireEye and threat intelligence company Fox-IT, offers a cure for the estimated 500,000 victims of CryptoLocker.

Victims need to upload a CryptoLocker-encrypted file to the DecryptCryptoLocker portal in order to obtain the private key necessary to decrypt their files, as explained in a blog post by FireEye.

A FireEye spokesman told El Reg that a cache of private keys obtained from a commandeered command and control server was used to develop the decryption utility. That means CryptoLocker's encryption scheme itself remains unbroken; since it relies on the same standard cryptography used to protect e-commerce and privacy more generally, that is actually a good thing.

The release of the decryption service comes around two months after a high profile FBI-led takedown operation against command nodes linked to CryptoLocker and Gameover ZeuS, a banking Trojan that also served as a conduit for the distribution of CryptoLocker.

At the time, the UK's National Crime Agency said that UK businesses and the public had a "two-week opportunity to rid and safeguard themselves" from Gameover ZeuS and CryptoLocker.

CryptoLocker first surfaced in September 2013, with P2P ZeuS (aka Gameover ZeuS) malware quickly emerging as the main distribution method. The ransomware encrypts important files such as images and documents on compromised Windows machines before demanding that victims pay up to $500 in Bitcoins within 72 hours for the private key necessary to unlock the files.

CryptoLocker used AES symmetric cryptography to encrypt the files and encrypted the AES key with an RSA-2048 public key generated on the server side of CryptoLocker. The matching private key never left the server, which is why the files could not be recovered without it, and why the seized key cache is enough to build a decryption service.
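The hybrid scheme described above, and the way a seized key cache lets a portal unwrap a victim's file (as described earlier in the FireEye spokesman's account), as an added example that is not code from the original article, FireEye or Fox-IT. It models, in Go, per-file AES keys wrapped under a per-victim RSA-2048 public key, then tries each private key in a cache against an uploaded sample until one unwraps it. The file layout, the use of AES-256-GCM and RSA-OAEP, and the function names are assumptions for illustration; CryptoLocker's real on-disk format and padding modes are not described on the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Modelled file layout (an assumption for this example, not CryptoLocker's real format):
//   [256-byte RSA-2048 OAEP-wrapped AES key][12-byte GCM nonce][AES-256-GCM ciphertext]
const (
	wrappedKeyLen = 256 // size of one RSA-2048 ciphertext
	nonceLen      = 12  // standard GCM nonce size
)

// NewKeyCache generates n RSA-2048 key pairs. Each one stands in for a victim's
// server-side key; the slice as a whole stands in for the cache pulled off the C2.
func NewKeyCache(n int) ([]*rsa.PrivateKey, error) {
	keys := make([]*rsa.PrivateKey, 0, n)
	for i := 0; i < n; i++ {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		keys = append(keys, k)
	}
	return keys, nil
}

// EncryptFile models the ransomware: a fresh AES-256 key per file, wrapped with the
// victim's RSA-2048 public key. Only the matching private key can unwrap it.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(wrapped, nonce...)
	return gcm.Seal(out, nonce, plaintext, nil), nil
}

// DecryptFile tries one private key against a ransomed file. A wrong key fails the
// OAEP padding check when unwrapping, so it never reaches the AES stage.
func DecryptFile(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < wrappedKeyLen+nonceLen {
		return nil, errors.New("file too short to be a ransomed file")
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:wrappedKeyLen], nil)
	if err != nil {
		return nil, fmt.Errorf("key does not unwrap this file: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := blob[wrappedKeyLen : wrappedKeyLen+nonceLen]
	return gcm.Open(nil, nonce, blob[wrappedKeyLen+nonceLen:], nil)
}

// RecoverWithKeyCache models the portal: try every seized private key against the
// uploaded sample until one unwraps it, and report which key matched. A victim whose
// key never reached the cache gets an error, not a decryption.
func RecoverWithKeyCache(cache []*rsa.PrivateKey, blob []byte) ([]byte, int, error) {
	for i, priv := range cache {
		if pt, err := DecryptFile(priv, blob); err == nil {
			return pt, i, nil
		}
	}
	return nil, -1, errors.New("no key in the cache matches this file")
}

func main() {
	cache, err := NewKeyCache(3)
	if err != nil {
		panic(err)
	}
	// Constructed sample: victim number 2's document, encrypted under their public key.
	blob, err := EncryptFile(&cache[2].PublicKey, []byte("Q3 forecast spreadsheet contents"))
	if err != nil {
		panic(err)
	}
	pt, idx, err := RecoverWithKeyCache(cache, blob)
	fmt.Printf("recovered with key #%d: %q (err=%v)\n", idx, pt, err)
}
```

The point the model makes is the one the article makes: nothing about the cipher is broken, and a file encrypted for a victim whose private key is not in the seized cache stays locked. It also shows why the portal only needs one sample file per victim: the wrapped AES key in the header identifies which private key to hand back.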

About 545,000 computers worldwide, around half of them in the US, were infected with CryptoLocker between September 2013 and May 2014. Victims were bilked of $27m (£16m) as a result of the malware, according to FBI estimates from June. Only 1.3 per cent of victims paid a CryptoLocker ransom, so a large number of victims have most likely lost their files permanently, according to Fox-IT.

Hopes that this takedown would kill off CryptoLocker have been dashed. CryptoLocker has evolved and once again started to compromise user devices, FireEye warns. This finding is backed up by third-party research over recent weeks from the likes of Sophos and Seculert.

As well as releasing the decryption tool, FireEye and Fox-IT also marked the opening of the Black Hat security conference in Las Vegas by unveiling new research into the origins and spread of CryptoLocker.

It's a CERT

In related security research news, CERT-UK coincidentally released its first quarterly report on Tuesday. The update from the UK's National Computer Emergency Response Team, which is in charge of co-ordinating cyber security incident response, focuses on threats such as the CryptoLocker/Gameover ZeuS takedown, the Heartbleed OpenSSL bug and progress in rolling out the Cyber-security Information Sharing Partnership, which 500 firms had signed up to since its launch in June 2013. Malware-related incidents accounted for more than 25 per cent of all incidents handled by CERT-UK, the round-up adds.

The full 20-page report, which also features a case study on the handling of a recent IE zero-day, can be found here (PDF). ®
