Decryptolocker Saves You From the Popular Cryptolocker Ransomware

Cryptolocker is a nasty piece of malware that encrypts the files on your computer and holds them to ransom. If you don't pay for a code to unlock the files, you don't get them back. FireEye and Fox-IT recently launched a tool to help users get their files back.

You should make sure you have the necessary precautions against malware like Cryptolocker:

  • Antivirus. We recently covered the best antivirus software and that's your best line of defence. No antivirus is foolproof, but it can go a long way.
  • Reliable, cloud-based backup. If you can't decrypt the files, the only way to get your data back is from a backup. In this case, your recovery options are better with an online backup service. Online backup services can restore your files to a time before they were encrypted; Cryptolocker infects external hard drives so they won't help you here.

However, if you're already infected, Decryptolocker allows you to email them an encrypted file, after which they will send you a master decryption key and tool to free your files. The keys they are using are based on the original version of Cryptolocker, so they won't always be able to help with newer variants. If you can, you're better off restoring your files from a backup, but this is a good last line of defence.

    Sorry, but antivirus software does not stop this, as it runs in the context of the user without needing higher access rights and does nothing a normal user can do.

    All it does is find the files, read them and write them back as encrypted.

    One thing I have found is it doesn't seem to know what UNC paths are, it only finds files in drive letter mappings.

    One of my sites got hit with this for the second time today. Unfortunately Decryptolocker didn't recognise the variant so it didn't work.

    Luckily I've got functional backups so it wasn't a huge issue.

    We also have restrictions on userspace applications but it managed to get past that too.

