Cryptolocker

Free Service Helps CryptoLocker Victims Recover Files. FireEye and Fox-IT have teamed up to provide a new service to assist users whose computers have been infected with the notorious CryptoLocker ransomware.

Free Service Helps CryptoLocker Victims Recover Files

CryptoLocker has been designed to encrypt the most important files found on infected computers and keep them that way until victims pay the ransom demanded by the attackers. The threat has helped cybercriminals make millions of dollars from internauts and companies located all over the world. In June, law enforcement agencies and private sector companies announced that a major takedown operation targeting the Gameover Zeus botnet had also hit CryptoLocker. While new infections have been prevented, there are still a large number of users whose files remain encrypted. FireEye and Fox-IT have managed to obtain many of the private keys associated with the malware, so they've launched a free service which they've dubbed DecryptCryptoLocker.

CryptoLocker victims offered free key to unlock ransomed files. Security researchers have released a tool that allows victims of the infamous CryptoLocker ransomware to unlock their computers at no charge.

CryptoLocker victims offered free key to unlock ransomed files

DecryptoLocker from net security firm FireEye and threat intelligence company FoxIT offers a cure for the estimated 500,000 victims of CryptoLocker. New Site Recovers Files Locked by Cryptolocker Ransomware. Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever.

New Site Recovers Files Locked by Cryptolocker Ransomware

That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware. First spotted in September 2013, CryptoLocker is a prolific and very damaging strain of malware that uses very strong encryption to lock files that are likely to be the most valued by victim users, including Microsoft Office documents, photos, and MP3 files. CryptoLocker urgent alert – here’s how YOU can help! We've seen a resurgence in interest in the CryptoLocker ransomware, not least because the UK's National Cybercrime Unit (NCU) put out a warning about it yesterday.

CryptoLocker urgent alert – here’s how YOU can help!

The NCU burst onto the cybercrime fighting scene as part of the UK's newly formed National Crime Agency (NCA), which became operational just a month ago, on 07 October 2013. The NCA is part of the UK's effort to tackle organised crime, including crimes launched by electronic means. And CryptoLocker has been a strange baptism of fire for the agency dubbed by some "the British FBI." What CryptoLocker does: If you've been following the story, you'll know that CryptoLocker is malware that deliberately scrambles your precious data files, such as documents and spreadsheets, and offers to sell you a decryption key to get them back. The price the crooks are charging is currently hundreds of pounds. But if you don't, then you're stuck. CryptoLocker Ransomware Now Spreading Through Removable Drives. During the past few months, advancements in CryptoLocker put ransomware on the public's radar in a major way.

CryptoLocker Ransomware Now Spreading Through Removable Drives

But according to researchers at Trend Micro, enhancements in the world of ransomware have not stopped as the year 2013 has come to a close. According to the company, a piece of ransomware they believe is a variant of CryptoLocker now has the ability to spread through removable drives. This update is significant because it has not been seen in other variants and the added propagation routines mean the malware can easily spread, according to Trend Micro. "Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants," blogged Abigail Pichel of Trend Micro. "Rather than relying on a downloader malware—often UPATRE—to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites." Cryptolocker Ransomware - 10M UK Users targeted. Basic countermeasures.

Recently the UK’s National Crime Agency has issued an alert on a large spam campaign based on CryptoLocker ransomware that is targeting more than 10 million UK based email users.

Cryptolocker Ransomware - 10M UK Users targeted. Basic countermeasures

CryptoLocker malware is considered very insidious by users: it encrypts victims’ files and then demands a ransom to restore access. Website files encrypted by Linux.Encoder.1 ransomware? There is now a free fix. Researchers have exploited a flaw in the encryption procedure used by Linux.Encoder.1, the first ransomware targeting the Linux platform, to develop a decryption tool for victims.

Website files encrypted by Linux.Encoder.1 ransomware? There is now a free fix

On Thursday, Russian anti-virus company Dr. Web first disclosed the existence of Linux.Encoder.1, a strain of ransomware similar to other notorious ransomware families such as CryptoWall and TorLocker, but targeting computers running Linux rather than Windows. Evidence of infections by Linux.Encoder.1 is scattered across the net, because many websites appear to be revealing their impacted state in search engine results. CryptoWall 4.0 Has Arrived – Now with Canary File Notification. The latest strain of ransomware has arrived.

CryptoWall 4.0 Has Arrived – Now with Canary File Notification

It has been named CryptoWall 4.0, and it is as ugly and insidious as the previous versions. It should be noted that while this appears to be the fourth version of this malware, this does not indicate that it was upgraded by the same authors of any previous versions. In the history of virus coding, as each version of the original code is revealed, new independent authors add on to the earlier versions. The good folks who analyze malware have the honor of naming new viruses, or incrementing the version numbers of those that are similar to earlier variants. As with any software development life cycle, enhancements are added to evade the preventive updates offered by anti-virus vendors. Now, however, some of the enhancements to malware are added to allow for granular control of the payment (in increments of Bitcoin based on current market value), as well as new ways to obfuscate the files, even though they are encrypted.

Ransomware Now Gunning for Your Web Sites. One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption.

Ransomware Now Gunning for Your Web Sites

A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom. This latest criminal innovation, innocuously dubbed “Linux.Encoder.1” by Russian antivirus and security firm Dr.Web, targets sites powered by the Linux operating system. The file currently has almost zero detection when scrutinized by antivirus products at Virustotal.com, a free tool for scanning suspicious files against dozens of popular antivirus products.

The ransomware problem is costly, hugely disruptive, and growing.