Victims of the ransomware CryptoLocker can now get their files back free, thanks to the work of FireEye and Fox-IT.
The malware, which was discovered last year, was controlled by the same servers that hosted GameoverZeus. These were taken down by an international law enforcement effort in May 2014, although the alleged mastermind is still at large.
In the eight months it was operational, however, Cryptolocker infected some 600,000 Windows computers, encrypting users' files and demanding an average of US$300 to release them.
[Related: Uncracking Cryptolocker]
ZDNet estimated that the malware's masters had managed to extort at least 41,928 Bitcoins from victims - equivalent at the time to about $27 million - in the first three months of its operation.
Until now, no one had managed to defeat the programme, with users having no option but to pay up if they wanted any chance of getting their files back.
Indeed, FireEye and Fox-IT haven't exactly managed to crack open CryptoLocker either. Ronald Prins of Fox-IT said on Twitter the companies hadn't managed to exploit a hole in the ransomware's encryption, but had instead managed to grab a copy of the victim database.
@martijn_grooten The portal was created after security researchers grabbed a copy of Cryptolocker's database of victims.
— Ronald Prins (@cryptoron) August 6, 2014
Victims who need files unlocking can visit the Decrypt Cryptolocker website, where they will be asked to enter their email address and upload one of the affected files, which should not contain any personally identifiable or sensitive information. They will then receive a master decryption key to their email, plus a download link to the recovery programme, and be able to decrypt the remaining files.
"Each infected system will require its own unique master decryption key," the companies advise, "So in case you have multiple systems compromised by CryptoLocker, you will need to repeat this procedure per compromised system."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
