The cost of using the service is 10 Bitcoins -- around $2,300 at the current Bitcoin exchange rate -- and requires users to upload one of their encrypted files. The first 1024 bytes of the file will be used to search for the associated private key, a process that can take up to 24 hours.
"We're guessing that the delay is because the crooks have to run a brute force attack against themselves," Ducklin said. "Without your public key to help them match up your keypair in their database, it sounds as though they have to try to decrypting your data with every stored private key until they hit one that produces a plausible result."
However it's not immediately clear whether using this service is still possible after the initial 72-hour deadline given by the malware. If it is, then the cybercriminals lied and the private keys are not being destroyed after that time period.
This decryption service might have also been created for users whose antivirus programs detected and deleted the malware after it encrypted the files, leaving them unable to buy the decryption key anymore.
"We're still saying, 'don't buy,' but we're feeling your pain enough to know how tempting it will be for some people to pay the crooks, even though the blackmail charges have now ballooned to more than $2,000," Ducklin said.
Sign up for CIO Asia eNewsletters.