Cars & Coffee Killer
 
legion's Avatar
 
Join Date: Sep 2004
Location: State of Failure
Posts: 32,246
CryptoLocker Reverse Engineered: Score One For the Good Guys

I can tell you for a fact, based on my line of work, that many small businesses whose focus is not on IT were completely crippled by this virus until they paid the ransom. For them, $300 was far less than losing a day of work.

Whitehats recover, release keys to CryptoLocker ransomware | Ars Technica

Quote:
Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.

Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content.

To use the free service, victims must upload one of the files encrypted by CryptoLocker along with the e-mail address where they want the secret key delivered. Both FOX-IT and FireEye are reputable security companies, but readers are nonetheless advised to upload only non-sensitive files that contain no personal information.

This latest blow against CryptoLocker comes two months after law enforcement agencies around the world disrupted a sprawling botnet that helped distribute CryptoLocker and other malware. Dubbed "Operation Tovar," the legal action largely neutralized the malicious network and the fallback mechanisms used to keep malware infections in place on 500,000 to one million computers.

In a blog post published Wednesday, FireEye researchers wrote:

Operation Tovar made a clear impact on the distribution of and infection of machines by CryptoLocker. However, there have been no known avenues available designed to help users get their encrypted files back without making significant payments to those responsible for infecting machines in the first place. While the remediation of infected machines can be somewhat difficult, hopefully with the help of https://www.decryptCryptoLocker.com and Decryptolocker.exe, we can help you get back some of the valuable files that may still be encrypted.

As always, to help prevent a threat like this from affecting you and your data, ensure you back up your data. Ideally, this would be done in at least two locations: One would be on premises (such as an external hard drive), and the other would be off premises (such as cloud storage).

According to the BBC, an analysis of the data seized by the whitehat hackers indicated that 1.3 percent of CryptoLocker victims paid the ransom to decrypt their personal data. That figure means the operators may have generated revenue as high as $3 million

__________________
Some Porsches long ago...then a Wankel...
5 liters of VVT fury now
-Chris

"There is freedom in risk, just as there is oppression in security."
Old 08-06-2014, 09:13 AM
Get off my lawn!
 
GH85Carrera's Avatar
 
Join Date: Nov 2007
Location: Oklahoma
Posts: 84,790
Garage
Cool.

Now if they could just track down the bad guys and encrypt them into jail. That will not likely happen but at least that one threat is removed.
__________________
Glen
49 Year member of the Porsche Club of America
1985 911 Carrera; 2017 Macan
1986 El Camino with Fuel Injected 350 Crate Engine
My Motto: I will never be too old to have a happy childhood!
Old 08-06-2014, 09:24 AM
Control Group
 
Tobra's Avatar
 
Join Date: Aug 2005
Location: Carmichael, CA
Posts: 53,469
Garage
Seems like they could track the ransom money and go get those MFers
__________________
She was the kindest person I ever met
Old 08-06-2014, 12:12 PM
Registered
 
Join Date: Oct 2012
Posts: 9,712
Garage
Quote:
Originally Posted by Tobra
Seems like they could track the ransom money and go get those MFers
Tracking money CAN be quite difficult, if the recipient is intelligent.
__________________
Guy
'87 944 (first porsche/project car)
Old 08-06-2014, 12:56 PM
Registered
 
Join Date: Aug 1999
Location: port st lucie/stuart florida
Posts: 366
I had to reformat my laptop from this virus. I know a few other business owners who just paid the ransom.
Old 08-09-2014, 09:00 PM
Dog-faced pony soldier
 
Porsche-O-Phile's Avatar
 
Join Date: Feb 2004
Location: A Rock Surrounded by a Whole lot of Water
Posts: 34,187
Garage
This is just the beginning. Wait until a version starts hitting people's smartphones. Most people (including me) can't live without them and most probably don't bother to back up regularly. Cha-ching!

Guarantee there will be many, many more knock-offs of this coming down the road.

__________________
A car, a 911, a motorbike and a few surfboards

Black Cars Matter
Old 08-10-2014, 02:57 AM