CryptoLocker victims offered free file decryption service

Victims of the CryptoLocker ransomware have been thrown a virtual lifeline through the launch of a free service that lets users decrypt any files that have been maliciously locked down.

The CryptoLocker malware is designed to work in tandem with another piece of malicious software called GOZeus.

The latter is designed to lie dormant on a person's machine until it has the opportunity to capture their bank account details, which it then sends back to a botnet.

If no such opportunity arises, CryptoLocker is activated and sets about encrypting the user's files without permission. A popup later appears demanding a payment of 200-300 to free the files.

As reported by IT Pro at the start of June, the pair were recently at the centre of an alert by the National Crime Agency (NCA) after it emerged that 15,000 UK citizens had been affected by them.

At the time, the NCA said computer users had a two-week window to protect themselves from the risk of malware infection, thanks to the combined effort of its own officers, the FBI, Europol and various ISPs.

Since then, the US Department of Justice has claimed the threat posed by the pieces of malware has been neutralised, and work has begun on clearing up the fallout from it.

As such, security vendor FireEye has teamed up with Fox-IT to bring to market DecryptCryptoLocker, a free service that aims to help victims regain access to their files.

Users simply need to pinpoint a file containing non-sensitive information that has been encrypted by the CryptoLocker malware, upload it to an online portal and then wait for a private key and download link to be sent to them.

The link will enable them to install a decryption tool that runs locally on their computer and uses the key to unlock their files.

Darien Kindlund, director of threat intelligence at FireEye, said they hope the tool will be used by the thousands of business users who have been inconvenienced by CryptoLocker.

"No matter the type of cyber breach that a business is impacted by, it is our goal to resolve them and get organisations back to normal operations as quickly as possible," he said.

Andy Chandler, senior vice president of Fox-IT, added: "The criminals continue to push the boundaries; Fox-IT's InTELL team and FireEye have shared expertise and investment to deliver a free service that demonstrates there are plenty of good guys who are there to help those who are the victims of the criminals."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.