Check Point Press Releases

Media Alert: Check Point Software Technologies ‘hacks the hackers’ by cracking ‘DirCrypt’ ransomware

Check Point’s researchers exploit vulnerability in malware to recover ransomed files

San Carlos, CA  —  Wed, 24 Dec 2014

Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced it has cracked the code of DirCrypt, a widespread type of ransomware, enabling the recovery of individuals’ and organizations’ data and files without having to pay a ransom to criminals.

Ransomware has become a top security threat over the past few years, with a rapid evolution of variants and techniques.  In a typical attack, cybercriminals infect networks and stealthily encrypt files so that users can no longer access them. They then demand a ransom to unlock the encrypted files and threaten to permanently lock the files if not paid quickly. Broadly used, these ransomware have infected large amounts of computers.  For example, CryptoLocker, an infamous ransomware investigated by Check Point, infected over 530,000 machines, showing how rapidly these attacks can spread.

To fight this increasingly common type of attack, Check Point researchers look at ways to reverse the damage without having to pay a ransom.  In this instance, they uncovered a flaw in the way DirCrypt ransomware was created, and more specifically how the cybercriminals implemented the cryptographic components of the malware. Exploiting the ransomware vulnerability allowed the researchers to reverse the encryption and restore the majority of the scrambled files.

“Ransomware has become a popular tactic with criminals because victims frequently have no idea how to deal with the attack, other than to pay the ransom. It is perhaps the most pure ‘evil’ form of malware in that it uses scare tactics to apply psychological pressure on the victims. Unfortunately, the more frequently ransoms are paid, the greater the incentive for malware creators to launch more ransomware attacks,” commented Michael Shalyt, malware research team leader at Check Point Software Technologies. “Often there are weaknesses in malware that can be used to reverse the damage it causes, and in the case of DirCrypt, we found it.”

A paper describing how Check Point’s researchers neutralized the DirCrypt ransomware, and outlining the steps to remediation is available to download from:


Check Point’s Malware and Vulnerability Research Groups regularly perform assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: /threatcloud-central/index.html


Follow Check Point via:




About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (, is the largest pure-play security vendor globally,  provides industry-leading solutions, and protects  customers from cyberattacks with an unmatched catch rate of malware and other types of attacks. Check Point offers a complete security architecture  defending enterprises’  networks to mobile devices, in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes. At Check Point, we secure the future.


This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.