Feb 04, 2015 Hey everyone, I was searching on the internet a while ago for a sample download of the Cryptolocker ransomware. I would like to test it out on my virtual machine and then try to decrypt my files using the site decryptcryptolocker.com. Anyone got an idea where I can get my hands on it?

Cryptolocker uses standard malware attacks to get itself on your computer: social engineering emails with the trojan attached, drive-by downloads from infected web sites, and inclusion in additional malware downloaded by other trojans already infecting a computer (botnets).

CryptoLocker, detected by Sophos as Troj/Ransom-ACP, is a malicious program known as ransomware. Some ransomware just freezes your computer and asks you to pay a fee. (These threats can usually be.

Ransom.Cryptolocker is a Trojan horse that encrypts files on the compromised computer and then prompts the user to purchase a password in order to decrypt them. Note: Definitions prior to August, 2016 may detect this threat as Trojan.Cryptolocker.
Good news for anyone affected by Cryptolocker. IT security firms FireEye and Fox-IT have launched a long-awaited service to decrypt files held hostage by the notorious ransomware.
This comes shortly after researchers working for Kyrus Technology released a blog post detailing how CryptoLocker works, as well as how they reverse engineered it to acquire the private key used to encrypt hundreds of thousands of files.
The CryptoLocker trojan was first discovered by Dell SecureWorks last September. It works by encrypting files that have specific file extensions, and only decrypting them once a ransom of $300 had been paid.
Although the network that served the Trojan was eventually taken down, thousands of users remain separated from their files. Until now.
Have you been hit by Cryptolocker? Want to know how you can get your files back? Read on for more info.
Cryptolocker: Let’s Recap
When Cryptolocker first burst on the scene, I described it as the ‘nastiest malware ever’. I’m going to stand by that statement. Once it gets its hands on your system, it’ll seize your files with near-unbreakable encryption and charge you a small fortune in Bitcoin to get them back.
It didn’t just attack local hard drives, either. If there was an external hard drive or a mapped network drive connected to an infected computer, it too would be attacked. This caused havoc in businesses where employees often collaborate and share documents on network attached storage drives.
The virulent spread of CryptoLocker was also something to behold, as was the phenomenal amount of money it pulled in. Estimates range from $3m to a staggering $27m, as victims eager to get their files back paid the demanded ransom en masse.
Not long after, the servers used to serve and control the Cryptolocker malware were taken down in ‘Operation Tovar’, and a database of victims was recovered. This was the combined effort of police forces from multiple countries, including the US, the UK, and most European countries, and saw the ringleader of the gang behind the malware indicted by the FBI.
Which brings us to today. CryptoLocker is officially dead and buried, although many people are still unable to access their seized files, especially after the payment and control servers were taken down as part of Operation Tovar.
But there’s still hope. Here’s how CryptoLocker was reversed, and how you can get your files back.
How Cryptolocker Was Reversed
After Kyrus Technologies reverse engineered CryptoLocker, the next thing they did was to develop a decryption engine.
Files encrypted with the CryptoLocker malware follow a specific format. Each file is encrypted with an AES-256 key that is unique to that particular file. That per-file key is then itself encrypted with a public/private key pair, using the far stronger, near-impervious RSA-2048 algorithm.
The public key is unique to your computer, not to the individual encrypted file. This, in conjunction with an understanding of the file format used to store encrypted files, meant that Kyrus Technologies were able to create an effective decryption tool.
But there was one problem. Although there was a tool to decrypt files, it was useless without the private encryption keys. As a result, the only way to unlock a file encrypted with CryptoLocker was with the private key.
Thankfully, FireEye and Fox-IT have acquired a significant proportion of the Cryptolocker private keys. Details about how they managed this are thin on the ground; they simply say they got them through ‘various partnerships and reverse engineering engagements’.
This library of private keys and the decryption program created by Kyrus Technologies means that victims of CryptoLocker now have a way to get their files back, and at no cost to them. But how do you use it?
Decrypting A CryptoLocker Infected Hard Drive
First, browse to decryptcryptolocker.com. You’re going to need a sample file that has been encrypted with the Cryptolocker malware to hand.
Then, upload it to the DecryptCryptoLocker website. It will be processed and (hopefully) the private key associated with the file will be emailed to you.
Then, it’s a matter of downloading and running a small executable. This runs on the command line, and requires that you specify the files you wish to decrypt, as well as your private key. The command to run it is:
Decryptolocker.exe -key "<key>" <Lockedfile.doc>
Just to reiterate: this won’t automatically run on every affected file. You’ll need to either script it with PowerShell or a batch file, or run it manually on a file-by-file basis.
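One way to script the file-by-file run described above, as an added example that is not part of the original article or of the FireEye/Fox-IT tool. It assumes the tool accepts exactly the -key "<key>" <file> form shown, exits non-zero when it cannot decrypt a file, and handles its own output; the tool path, backup drive and log file name are placeholders.

```powershell
# Added example, not the article's or the tool's own code: bulk-decrypt a folder tree
# with Decryptolocker.exe, keeping an untouched copy of the encrypted files first.
# Assumptions: the tool takes `-key "<key>" <file>` as shown in the article, exits
# non-zero when a file cannot be decrypted, and handles its own output. $Tool,
# $Backup and $Log are placeholder paths.
param(
    [Parameter(Mandatory)] [string] $Key,        # private key e-mailed by decryptcryptolocker.com
    [Parameter(Mandatory)] [string] $Root,       # folder holding the encrypted files
    [string] $Tool   = '.\Decryptolocker.exe',
    [string] $Backup = 'E:\cryptolocker-backup', # e.g. the external drive the article recommends
    [string] $Log    = '.\decrypt-log.csv'
)

$Root  = (Resolve-Path -Path $Root).Path
$files = Get-ChildItem -Path $Root -File -Recurse

# 1. Copy every still-encrypted file aside before running anything against it. A wrong
#    key or a tool crash on the only copy removes any chance of recovering it later.
foreach ($f in $files) {
    $rel  = $f.FullName.Substring($Root.Length).TrimStart('\')
    $dest = Join-Path -Path $Backup -ChildPath $rel
    New-Item -ItemType Directory -Path (Split-Path -Path $dest) -Force | Out-Null
    Copy-Item -Path $f.FullName -Destination $dest -Force
}

# 2. Run the decryptor once per file and record each outcome, so files the key does
#    not fit (another victim's key, or one of the newer variants the article says has
#    no fix) end up listed in the log rather than silently skipped.
$results = foreach ($f in $files) {
    & $Tool -key "$Key" $f.FullName *> $null
    [pscustomobject]@{
        File     = $f.FullName
        ExitCode = $LASTEXITCODE
        Status   = if ($LASTEXITCODE -eq 0) { 'decrypted' } else { 'failed' }
    }
}

$results | Export-Csv -Path $Log -NoTypeInformation
$results | Group-Object -Property Status |
    ForEach-Object { '{0}: {1}' -f $_.Name, $_.Count }
```

Review the CSV afterwards: a file marked failed under one key may still belong to a different key set, so keep its backed-up copy rather than deleting it.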
So, What’s The Bad News?
It’s not all good news though. There are a number of new variants of CryptoLocker that continue to circulate. Although they operate in a similar fashion to CryptoLocker, there’s no fix for them yet, other than paying the ransom.
More bad news. If you’ve already paid the ransom, you’re probably never going to see that money ever again. Although there have been some excellent efforts made at dismantling the CryptoLocker network, none of the money earned from the malware has been recovered.
There’s another, more pertinent lesson to be learned here. A lot of people made the decision to wipe their hard drives and start afresh rather than pay the ransom. This is understandable. However, these people will not be able to take advantage of DeCryptoLocker to recover their files.
If you get hit with similar ransomware and you don’t want to pay up, you might want to invest in a cheap external hard drive or USB drive and copy your encrypted files over. This leaves open the possibility of recovering them at a later date.
Tell Me About Your CryptoLocker Experience
Were you hit by Cryptolocker? Have you managed to get your files back? Tell me about it. The comments box is below.
Photo Credits: System Lock (Yuri Samoiliv), OWC external hard drive (Karen).