Cryptolocker’s global infection rate. (Source: Fox-IT)

Cryptolocker is one of the most potentially painful pieces of Windows malware floating around the web these days. When the software infiltrates a computer, it encrypts the contents of the hard disk and demands that users pay a ransom (usually in Bitcoin or MoneyPak) to get their files back.

If someone doesn’t pay the ransom, or doesn’t pay it in time, their files are gone forever. For people who don’t have strong backups, that could mean losing precious photos or important documents.

That’s why security firms FireEye and Fox-IT teamed up to run decryptcryptolocker.com, a service that lets people upload a file and get back an app that will decrypt all of the files on their hard drive without paying the ransom.

According to Fox-IT, hundreds of thousands of computers have been infected with Cryptolocker, while only 1.3 percent of those infected have paid the ransom. Some of the people who didn’t pay up were likely able to restore their information in another way, but that still means there are vast troves of lost data around the world.

Operation Tovar, an international effort to shut down the GameOver Zeus botnet that was used as a distribution platform for Cryptolocker, has stopped the tide of new infections. In the process, Fox-IT researchers were able to get ahold of the master decryption keys, which now power the free decryption service.

It’s worth noting that there are other forms of “ransomware” still out in the wild, including CryptoWall and OnionLocker, but Cryptolocker is the leading piece of ransomware by sheer number of computers infected. Of course, it’s unlikely that the web’s more nefarious elements will give up on the ransomware dream altogether, but this tool should help some people get their files back.

Comments

  • Vroo (Bruce Leban)

    How do victims find out about this? And when they do, how do they know they can trust a service on a domain just registered in the last few days? After all, claiming to fix your infected PC is a common attack vector!

    Also, the chart is incorrectly labeled. It says “rate” but it’s actually “count” — the number of “infections” in each country. While this statistic is interesting, it’s not the same as a rate — the percentage of PCs that are affected.
