All 500,000 Cryptolocker victims can recover files for free

FireEye and Fox-IT team up to offer 'master decryption key' but not all files will be able to be decrypted

The 500,000 victims who had their files encrypted by malware can now unencrypt their files without having to pay cyber-extortionists behind the "ransomware" any money.

Cryptolocker , which first started affecting users in the US and the UK in September 2013, uses 256-bit Advanced Encryption Standard (AES) encryption to encrypt important files, such as Microsoft Word documents and AutoCAD files.

Once encrypted, it alerts users that they will not be able to access such files unless they pay a ransom fee for a decryption key, which is supposedly held on a secure server.

But now, security firms FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by the malware. They state that a master decryption key used together with the partners' recovery programme will "repair all encrypted files on your system".

The firms emphasise that email addresses where keys are sent will not be used for marketing purposes or be stored in any way by either firm. They also advise users not to upload files that contain any sensitive or personally identifiable information.

In a blog post, FireEye explained that there is a possibility that the decryption key will not be able to decrypt files because there are several variants of CryptoLocker which function in different ways.

The firm had previously suggested that CryptoLocker had been successful at garnering millions of dollars in ransom payments in the first few months of CryptoLocker's distribution - although the vast majority of victims are believed to have not paid any ransom.

Cryptolocker is thought to be created by a sub-group of the larger Gameover Zeus malware, which targets people who use online banking services. US and European officials had last month conducted a coordinated takedown of the botnet (network of compromised computers) responsible, believing that the threat of CryptoLocker would also be neutralised, but this wasn't the case as the malware continued to compromise user devices.

"The criminals continue to push the boundaries; Fox-IT's InTELL team and FireEye have shared expertise and investment to deliver a free service that demonstrates there are plenty of good guys who are there to help those who are the victims of the criminals," said Andy Chandler, senior vice president at Fox-IT.