The ransomware that started the craze, Cryptolocker, may be effectively neutralized after two security companies have found a way to unlock encrypted files.
FireEye, a California-based cybersecurity firm, and Fox-IT, a Dutch firm, have earned themselves a gold star from users and IT departments after setting up a new site that will neutralize the dreaded Cryptolocker malware.
(Maybe go ahead and bookmark that site now, just in case you need it later.)
How Cryptolocker worked
Cryptolocker’s methodology is well-documented now.
The malware would make its way onto users’ systems, encrypting all their files and displaying a countdown clock. If users didn’t pay a ransom by the time the clock reached zero, they wouldn’t receive the keys to the encryption – and would lose access to those files forever.
As many as half a million users may have been infected. Against security advocates’ advice, some paid up.
While law enforcement was able to shut down many of the servers the malware was hosted on, until now there had been no reliable way to retrieve locked files.
But Fox-IT was somehow able to discover the correct private encryption key that Cryptolocker used.
As a result, users just need to submit an encrypted file to the website to receive a solution from FireEye and Fox-IT that unlocks their files.
Of course, when one attack has success – and by most accounts, this was a financially successful attack – copycats are sure to follow.
As always, make sure users are appropriately wary of attachments and other common phishing attempts. These would be the most likely entry point for malware onto your systems.
And as an organization, decide what your approach to ransom attacks should be. Experts recommend not paying, because ransoms could always be increased and there’s no guarantee hackers will actually undo the damage. But it’s better to have your plan in place and in writing than to be caught off guard when the clock starts ticking.