Cryptolocker Unlocked – Whitehat Hackers Recover Encryption Keys


Proving once again that not all hackers are up to no good, a team of Whitehat hackers has fought back against the Cryptolocker Trojan virus. Researchers from Fox-IT and FireEye were able to recover many of the keys used to encrypt users’ hard drives, and even reverse-engineer the Trojan to create a way for affected users to free themselves from the nefarious Cryptolocker.

From FireEye’s blog:

To help solve the problem of victims’ files still being encrypted, we leveraged our close partnership with Fox-IT. We developed a decryption assistance website and corresponding tool designed to help those afflicted with the original CryptoLocker malware. Through various partnerships and reverse engineering engagements, Fox-IT and FireEye have ascertained many of the private keys associated with CryptoLocker. Having these private keys allows for decryption of files that are encrypted by CryptoLocker.

FireEye and Fox IT have created a webpage,, where a user can upload an encrypted CryptoLocker file. Based on this upload, the user will be provided with the option to download a private key that should decrypt their affected files. The site also provides instructions on how to apply this key to the files encrypted by CryptoLocker to decrypt those files.

FireEye goes on to list the necessary steps to decrypt files and restore a user’s computer.  While FireEye does not store, read, or in any way save the encrypted files that are uploaded as part of this tool, they still recommend sending a file with no personal or confidential information.  These are definitely the good guys, but they still want affected users to take all necessary precautions.

Ars Technica quotes a BBC report detailing some of the numbers behind Cryptolocker. While users can now unlock their PCs for free using this tool, it seems that the creators of Cryptolocker may have made as much as $3 million from affected users who paid the ransom before they were shut down.

Unfortunately, Cryptolocker probably won’t be the last virus that causes headaches for users.  Fortunately, there are still people out there that strive to prevent these viruses from wreaking havoc.

Have you or anyone you know been affected by Cryptolocker?  Let us know in the comments or on Google+, Facebook, or Twitter.

  Source: FireEye  Source: ArsTechnica
