R.I.P.
R.I.P. CryptoLocker. You were an entertaining piece of software. Congratz to the Developers. $27m was it, huh? Very impressive!
Security researchers have released a tool that allows victims of the infamous CryptoLocker ransomware to unlock their computers at no charge. DecryptoLocker from net security firm FireEye and threat intelligence company FoxIT offers a cure for the estimated 500,000 victims of CryptoLocker. Victims need to upload a …
NO way was this not going to get cracked. It was too high profile and no matter how strong you think your lock is, someone smarter *will* break it.
http://forums.theregister.co.uk/forum/1/2014/01/02/cryptolocker_worm/
First post where I said it WILL happen and it did...
In the words of Kryten, "ah, smug mode!"
What is there about my comprehension you seem to think is lacking??
A set of private keys was recovered, it doesn't matter how, by whom or when. The simple fact is they were recovered and that allowed the decryption of probably millions of files.
No doubt a blessed relief to a great many peeps
If they hadn't been recovered we wouldn't be having this conversation.
So, go on SRS, explain, what is it about my comprehension I lack?
>Cracked, hacked, decrypted, recovered keys, I don't give a monkey's HOW it was done. But it was..
Thief 1: We managed to crack the uber secure super vault.
Thief 2: Awesome! But how? We have been trying for years without success. Even the cops and even three letter agencies haven't been able to get in! That is a game changer. Can you describe how you did it?
Thief 1: We found a spare set of keys in the wife's handbag.
If government funded CERT-UK were focusing on the threat of Cryptolocker et al, why has the cure been provided by two private companies?
Completely honest question: Are CERT doing anything useful, or are they just a bunch of official hand wringers re-publishing the sort of advice that you can get on the Reg for free?
... and now this partial free decrypting tool "appears" ..."like magic" ... with a statement of having reverse-engineered some private keys "left behind" ...
The question is still there "who is really behind Cryptolocker" ?
All this decrypting thing looks fishy as hell... the truth will never be known but it's obvious here some really bad things are going on...
No, these are well-known security companies who participated in the recent takedown of some C&C servers. The tool didn't appear like magic; it's pretty well explained in the article.
The truth is known, you just don't want to accept it.
Had a few clients infected with this due to bad on the ground security practices, deleted the lot and restored from online backup. Business as usual after a slightly extended lunch break...
Do feel sorry for home users who got hit though, I heard of someone who lost their dissertation, no one's fault but his own for no backup but still. Ouch...
To protect against Cryptolocker, it's not enough to just have "backups". If all you do is copy your data files to an external drive, say, once a week, then your backups would likely be corrupted as well. What you need is "regular backups with full version history maintained".
I don't think I know anyone who has that kind of setup at home.
This evil malware is simply the worst. I cannot think of a punishment too horrible for the perps. The sweeping human misery caused by this should be enough to lock them up for the rest of their lives. I am deadly serious.
Regardless of the ratio of stupid to evil involved here, these are, operationally, dangerous sociopaths and should be treated that way.
Every single nickel being spent enforcing copyrights for private interests should be redirected to hunting down these dogs. They should then be locked up with RIAA folk and periodically enough meat for one should be tossed into the cage.
Above not nearly cruel enough so I think we should probably fund a project to invent fitting punishment. Maybe put them at the mercy of several thousand people they harmed?
Contrary to what you may have seen in certain movies... drastic punishments should really be reserved for people who do something actively bad.
People who just screw up at their job, without malice, don't deserve anything worse than - at most - being fired. Anything else just creates an environment where no-one will even try to do those jobs...
You're probably right about "actively bad". I'm just more than a bit testy about AV companies whose products don't detect known malware and block it. I'm sorta' hoping there's a special place in hell for the MS Windows folks who leave holes.... and never fix them.
Well the perps did do encryption right and it's only the fact that they needed infrastructure that they did not manage themselves that this "reverse" engineering can take place. Like all security, it's only as secure as the weakest link.
And so there are 500'000 private keys "available". I bet only a fraction are used....many people have probably formatted, given up or simply moved on.
Ransomware will continue and will become even more sophisticated. Easy money for the bad guys will ensure that.
I got the key, but when I tried it I get the error "Unsuccessful loading key: RSA key format is not supported".
When I check their blog I find comments to the blog post say the tool returns an error: "Unsuccessful loading key: RSA key format is not supported" and a reply says that someone will be reaching out about the error shortly.
http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html