This is some of the best news the world of anti-viruses and anti-malware could have hoped for - FireEye in conjunction with Fox-IT have found and released a potential way to retrieve the private decryption key needed to decrypt files infected by CryptoLocker. We have previously written several articles on CryptoLocker, the ransomware that began infecting computers 3rd quarter of 2013, and demanding payment of originally $300 and up to 10 Bitcoins (which hit a high of over $1200 per Bitcoin) or over $12,000 USD to be sent the decryption key.  For more information on CryptoLocker see this article and this article.

Until now the only way to decrypt your files was to pay the ransom and be sent the decryption key; many companies, without enterprise level backups, found themselves doing exactly that.  Those who had an enterprise level backup in place had more options for restoring backups and filling in any gaps with a relatively small amount of data entry.

Recently law enforcement in association with other groups including FireEye and Fox-IT, had made major breakthroughs against the perpetrators of CryptoLocker during Operation Tovar.  During the operation some of the decryption keys were discovered and those are being made available.  It's not a sure fire solution for those with encrypted files, but it's a chance they didn't have before.

To find out if the decryption key someone needs is available they need to go to the website that's been setup by FireEye and Fox-IT.  Once at the site you'll upload one of your encrypted files and submit it along with an email address for the decryption key to be emailed to.  They will attempt to decrypt your files with one of the discovered decryption keys and if they're successful you'll receive an email with the key and instructions on how to decrypt the remainder of your encrypted files. 

On the heals of the good news about CryptoLocker decryption keys being found, here's some bad news about another cyber crime group out of Russia called CyberVor who has stolen what is believed to be the largest number of online credentials to date.

The name CyberVor is not as strange as it seems, as vor is simply Russian for thief.  This is not a name they've given themselves, but rather then name given to them by the company that discovered their actions.

It is believed that CyberVor has successfully stolen 1.2 billion usernames and passwords, along with 542 million email addressees from over 400,000 different websites.  That is a nearly unbelievable amount of data.

The information comes to us from Milwaukee company Hold Security who has used DefCon in Las Vegas to announce their discovery of the theft.  As a part of the announcement Hold Security is also promoting it's identity monitoring services.

Hold Security has said, "Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable."  The reason they are still vulnerable per Hold Security is CyberVor used botnets to identify websites with SQL injection vulnerabilities to acquire the data.  In layman's terms they used a flaw in the way certain websites are programmed to gain access to the data.

One of the concerns with this discovery, as outlined by Graham Cluley's blog "Security firm that revealed 'billion password' breach demands $120 before it will say if you're a victim", is that Hold Security is not offering up much detail on the discovery.  Hold Security has not provided information on which sites it's determined where victims of the attack and thereby what online users should be concerned, nor have they provided details about a timeline, other than it was a 7 month investigation.

As an alternative to providing Hold Security $120 and your passwords, which no IT professional I've ever met would recommend, go to HaveIBeenPwned to find out if your account has been part of one of any large data breaches.  Below is an image of what information a breached account will receive. In the end I have to say we all at Top Speed agree with Graham Cluley, there is something not right about this kind of a major disclosure with so little real facts being provided and the only way to find out if you're a victim costs you both money and submitting your passwords.

A couple of fake websites setup to look like Hold Security's password and email submission page and people will just be victimized all over again...