Bitdefender Releases Decryption Tool for Older Version of LockCrypt Ransomware


Romanian antivirus firm Bitdefender yesterday released a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.

This particular version of the LockCrypt ransomware was active between February 2018 and the end of May, when its authors developed a new version that locks files with the .BI_D extension.

The Bitdefender decryption tool may not be useful for current victims of the LockCrypt ransomware, but users who still have copies of their .1btc-encrypted files can use it to recover them. Using the tool is pretty simple, as the interface is self-explanatory.

It’s no surprise that the Bitdefender team was able to crack LockCrypt’s encryption. The LockCrypt ransomware is known for using bad crypto. Malwarebytes detailed the ransomware’s flawed encryption routine in a report in April.

Security researcher Michael Gillespie has been helping victims decrypt their files for multiple versions of the LockCrypt ransomware for more than a year.

LockCrypt version    Status
.BI_D                Not decryptable
.1btc                Decryptable using Bitdefender tool
.lock                Decryptable (contact Michael Gillespie)
.2018                Decryptable (contact Michael Gillespie)
.mich                Decryptable (contact Michael Gillespie)

The LockCrypt ransomware infects victims after hackers use brute-force attacks to break into companies’ networks via RDP connections and then manually run the ransomware’s binary.

The ransomware was first spotted in June 2017, and security researchers tracked its authors to a group that was previously active on the Satan Ransomware-as-a-Service portal.

July 24, 2018