Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Keywords: Cryptolocker, Malware, Encryption, Corruption of user files, Data damage, Email, Infection, NCA, Windows, Microsoft
DBSA ID: 2014-0014
Regarding: Cryptolocker Decryption Available
Date: 2014 08 07
Last Modified: 20140807020537 by Kradorex Xeron
Who should take note: All individuals and organizations with outstanding Cryptolocker infections.
This is unrated as this is an update to DBSA:2013-0008. The original ratings shall remain in place as malware should be approached with caution.
See DBSA:2013-0008 for the original published advisory.
Cryptolocker is an item of ransomware malware that, when installed it covertly, encrypted user data and attempted to extort a sum of money through untrackable money transfer methods. Its mode of operation was to trick a user to open a link in an email or via similar measures to install the trojan. From there it would start encrypting user data mostly through a background program. When complete it would transmit the encryption key (password) to a remote server and there would be no local key. It would then display a warning message extorting money providing a countdown until the remote encryption key would be deleted permanently. This used to mean that data could not be recovered.
Users with outstanding Cryptolocker infections or files still inaccessible are strongly advised to attempt utilization of the self-serve web tool located at:
This tool's page contains instructions on its usage.
The prior advisory's Mitigation/Solution section stands on all counts as this tool does not work on all ransomware. It is still strongly advised to maintain offline, disconnected backups of data that cannot be accidently altered or corrupted. It is further advised not to open email attachments or links without confirmation that they originate from the true source. Do not simply "Reply" to such mailings but rather use an alternate communication method or failing that use a known good source for the original sender's email address to confirm. Always be cautious and don't open unexpected attachments.