from Hacker News

New Site Recovers Files Locked by Cryptolocker Ransomware

by Albuca on 8/7/14, 3:07 AM with 41 comments

  • by TeMPOraL on 8/7/14, 10:02 AM

    > The free decryption service was made possible because Fox-IT was somehow able to recover the private keys...

    Part of me is so hoping that they extracted those keys from the crooks using rubber-hose cryptanalysis. There are many types of Internet scams, some more evil than others, but this is one of the nastiest I ever heard of.

  • by nospecinterests on 8/7/14, 6:15 AM

    I know they are doing this as a community service... because, I assume they feel it is their honor and duty to do so... but why the hell do these guys NOT have at least a donate link/button on their site!!!!! This is crazy. I know they are going to get awesome press which would have normally cost thousands but it never hurts to throw up a link and see how much your appreciated.

  • by aresant on 8/7/14, 3:59 AM

    Key from one of the comments "It’s not too late if you still have the encrypted files, as I suspect many people do, hoping that someday a program like this would come along."

    That is awesome. I'm sure a large percentage of people with irreplaceable files hung onto them, hope these guys get the exposure they deserve for the site.

    #1 on HN is a good start.

  • by mp4box on 8/7/14, 4:04 AM

  • by userbinator on 8/7/14, 5:05 AM

    This is interesting because it's one of those cases where insecurity can turn out to be a good thing - had those cybercriminals been more careful with their systems and made them more secure, this may have never been possible; but then again, the malware might not have been able to do this in the first place if the users' systems were more secure. How that could be accomplished is also worth considering - there is a school of thought that suggests taking control away from the users and disallowing them from doing anything that some entity (corporate or government) does not approve of on the assumption that users will always make mistakes (e.g. Trusted Computing), but this also means loss of freedom - as the saying goes, "freedom is not worth having if it does not include the freedom to make mistakes."

    However, if on the other hand we allow the users freedom, and thus assume that mistakes (such as being infected with malware like this) will happen, then it makes sense that a means of recovery should be available, which is not something that "perfect" security allows. To use an analogy, people who have lost their keys or had them stolen should still be able to gain access to their house. In the physical world, perfect security is nearly impossible, but with digital data, it's not. Locking an item in a safe means it can still be retrieved if the key is lost by, in the worst possible circumstance, cutting open the safe, no matter how physically strong it is. Encrypting data with a long-enough key and sufficiently strong algorithm means it's truly practically destroyed without the key. I think this point - that encryption can be really, really, really unrecoverably strong - needs to be made more aware as we continue to use more of it.

    It would be particularly ironic if this recovery was made possible through exploiting the malware servers with something like Heartbleed...

  • by RAB1138 on 8/7/14, 4:08 PM

    Relevant: Neil Stephenson's Reamde takes the principle of Ransomware and plays it out to a fun conclusion. This site would have come in handy. Highly recommended http://www.audible.com/pd/Sci-Fi-Fantasy/Reamde-Audiobook/B0...

  • by gordon_freeman on 8/7/14, 6:09 AM

    I just hope as many people as possible who were affected by this lockdown and who have not paid ransom yet would know about this. As per the Krebs' article only 1.3% paid ransom so it's not too late.

  • by timsayshey on 8/7/14, 12:17 PM

    Has anyone here looked at the software? It requires you to manually run a command from the command prompt for every file. Decryptolocker.exe --key "<key>" <Lockedfile>

    If I have thousands of files, that will take forever, anyway to batch decrypt?

  • by xxxmadraxxx on 8/7/14, 5:55 AM

    Of course, the conspiracy theorist might say that it's a bit too convenient to suppose the hitherto extremely clever criminals helpfully and stupidly copied their private keys across to computers controlled by 'the feds'. A bit like those supposedly 'random' police stopping of vehicles which turn out to be full of drugs or explosives.

    Maybe public/private key pairs aren't as secure as we've been lead to believe.