Free tool unlocks CryptoLocker files held for ransom

WASHINGTON — A new service is helping computer users unlock files recently held for ransom by CryptoLocker malware.

DecryptCryptoLocker was announced this week by security companies FireEye and Fox-IT, and it’s free.

CryptoLocker is a type of ransomware that typically targeted small enterprises, encrypting the files of computers it infected and giving victims 72 hours to pay a ransom, typically around $350, within 72 hours, to receive a private key that decrypts their files.

In December of last year, Dell SecureWorks estimated CryptoLocker had infected 250,000 victims, according to ZDNet.

In June of this year, the Department of Justice took down a ring of cyber-criminals in what was known as Gameover Zeus Botnet, which the agency says has neutralized the threat.

Still, many CryptoLocker victims have not been able to decrypt their files.

Unlocking files held by CryptoLocker

According to the security companies, to use the DecryptCryptoLocker tool, users need to:

  1. Identify a single, CryptoLocker-encrypted file that they believe does not contain sensitive information.
  2. Upload the non-sensitive encrypted file to the DecryptCryptoLocker portal.
  3. Receive a private key from the portal and a link to download and install a decryption tool that can be run locally on their computer.
  4. Run the decryption tool locally on their computer, using the provided private key, to decrypt the encrypted files on their hard drive.

On its blog, FireEye offers step-by- step instructions on how to run the program to decrypt the files.

The fix is not foolproof, however.

FireEye says there are several variants of CryptoLocker, and the tool may not successfully decrypt files encrypted by every variant.

Follow @WTOP and @WTOPtech on Twitter, and on the

Federal News Network Logo

More from WTOP

Log in to your WTOP account for notifications and alerts customized for you.

Sign up