CryptoLocker Decryption Tool released

There is some good news for those victims whose files have been locked by the Crytpolocker ransomware. Victims can now use the free Decryptlocker or CryptoLocker Decryption Tool from FireEye and Fox-IT to decrypt the Cryptolocker encrypted files. This Cryptolocker removal tool might just help you your data back!

CryptoLocker Decryption Tool

CryptoLocker targets Internet users – especially users of Microsoft Windows. It could infect PC’s using various sources, the most common being a legitimate email attachment. While there were ways you could prevent Cryptolocker ransomware by taking a few steps, there was no real way to get your files back, if your PC did become infected. The only way for the victim then, was to pay the ransom money – typically around USD 300 – and get the ‘key’ to decrypt the encrypted files.

CryptoLocker Decryption Tool or Decryptlocker

However, researchers at FireEye and Fox-IT have now come together and released a free tool that will decrypt the Cryptolocker encrypted files. To use this tool, you will have to upload any single encrypted file to their server. After it identifies the key to decrypt the file, the tool will then be able to decrypt all the other files on your PC.

The user can upload an encrypted CryptoLocker file.  Based on this upload, the user will be provided with the option to download a private key that should decrypt their affected files. The site also provides instructions on how to apply this key to the files encrypted by CryptoLocker to decrypt those files.

It is however pertinent to note that the encryption algorithm itself has still not been cracked. What the tool does is, use the database of the RSA private keys that was obtained during the recent takedown of the GameOver Zeus botnet, and use it.

Visit if you have been a victim of the Cryptolocker ransomware, to decrypt your encrypted filed. UPDATE: The site appears to have been taken down.

Ransomware victim? Check out this list of Ransomware Decryptor Tools.

Posted by on , in Category Security with Tags
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.


  1. d

    didnt work with two sample I had yesterday.

  2. Nik

    Sadly, it didn’t work… 🙁

  3. Nik

    Tried with some doc and jpg files and all the times it said that they aren’t infected by Cryptolocker… :/

  4. Forchaz

    Hi Guys has anyone managed to decrypt files hit by the CBT locker??

  5. Deric

    We have clients infected today (20 Jan 2015) with CBT Locker. Have not found a solution to decrypt the files yet.

  6. Dan

    Other poster seems right; all I could find was some advice on how to possibly remove the Curve-Tor-Bitcoin Locker malware at “bleepingcomputer” under a July 2014 advisory its site titled “CTB Locker and Critroni Ransomware Information Guide and FAQ”. Sorry!

    For what it’s worth, I’ve seen some machines with HitmanPro Alert and Comodo CIS operating together keep this type of ransomware/locker from effectuating itself on such machines; hope this is of help to you.

  7. Forchaz

    Eeeeeish, so seems the only option is to pay the ransom huh??

  8. BA

    We had customers infected with the “new” CBT Cryptolocker 17th Jan 2015. Must be a new crew of crooks. No solution yet.

  9. ahyu84

    I got 2 customer server infected, all file was encrypted and the file is too important to them! They have no any backup nor enable shadow copy!! 22 June 2015

  10. Paradox FX

    I am a professional photographer. A few weeks ago my computer was attacked by CTB-LOCKER the one with the black screen and code KEY. Proven Data Recovery has been able to identify the VARIENT of the virus I have. It is – RSA-2048 CTB-Locker encryption virus.

    They want 2,600 for the decryption of 300 image files that this virus has encrypted on a SD CARD. The computer still reads close to 900mb of data on the card and I have been told by multiple sources that there is a chance my images are still there, but I have had no luck and it’s going to take me quite some time to come up with this money so in mean time I am exploring other options and learning more about computers and code than I would otherwise have never cared to.

    It angers me to no end that people can actually even do this. That they can hurt total strangers in this away. Hurt their jobs. Effect their lives just for the sake of doing so and then dangle our data in front of us so we freak out and jump. I refuse to pay this RANSOM and it is frustrating to no end that the supposed GOOD GUYS want WAY THE HELL MORE!! It’s very backwards to me and does not seem right. It is almost impossible to get a simple strait answer from people in this area and there is a lot of double talk and I have bad a couple people remote access my computer and I see them try things even I have tried.

    The files that are blocked were never on my hard drive. I didn’t even have time to make a hard copy. One moment they were find and the next they were encrypted. I have done 2 system restored and a factory restore and computer has updated protection but the files remain locked on my card.

    Is there any effective decryption for CTB-LOCKER – RSA-2048 CTB-Locker encryption virus

    What are the odds? Is it even worth saving all this money for these people? He did ID the variant. Even that came as a shock. It’s all I have to go on. Maybe, if you think you have a solution for me of course I would be willing to work put pay arrangement but I would need to see at lest SOME proof. Maybe do one or two that I can see. There are 300 on the card and I am really quite desperate for this material, or to be told convincingly and enough times that all hop is lost. I am not at that point yet.

    Thanks for your time



  11. MrChopsockey

    can someone please help. is there anyone that can try to see if any samples could help for me im so desperate. Or at least tell me the process in how to do it. would be very grateful. thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 2 =