Romanian antivirus firm Bitdefender yesterday released a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.
This particular version of the LockCrypt ransomware was active between February 2018 and the end of May, when its authors developed a new version that locks files with the .BI_D extension.
The Bitdefender decryption tool may not be useful for current victims of the LockCrypt ransomware, but users who still have copies of their (.1btc) encrypted files can use it to recover files. Using the tool is pretty simple, as the interface is self-explanatory.
It’s no surprise that the Bitdefender team was able to crack LockCrypt’s encryption. The LockCrypt ransomware is known for using bad crypto. Malwarebytes detailed the ransomware’s flawed encryption routine in a report in April.
Security researcher Michael Gillespie has been helping victims decrypt their files for multiple versions of the LockCrypt ransomware for more than a year.
| Extension | Status |
|-----------|--------|
| .1btc | Decryptable using Bitdefender tool |
| .lock | Decryptable (contact Michael Gillespie) |
| .2018 | Decryptable (contact Michael Gillespie) |
| .mich | Decryptable (contact Michael Gillespie) |
LockCrypt is a ransomware strain that infects victims after hackers use brute-force attacks to break into companies’ networks via RDP connections, and then manually run the ransomware’s binary.
The ransomware was first spotted in June 2017, and security researchers tracked its authors to a group that was previously active on the Satan Ransomware-as-a-Service portal.
July 24, 2018