1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

LambdaLocker ransomware victim? Now you can decrypt your files for free

Discussion in 'Ransomware Decrypters' started by starbuck, Aug 17, 2017.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    As part of the No More Ransom initiative, Avast Antivirus has released a tool that decrypts files locked by LambdaLocker ransomware.

    Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative.

    The scheme was launched last year, with the goal of bringing law enforcement and private industry together to fight file-locking malware.

    No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.

    Now cybersecurity researchers at Avast Antivirus have added a decryption tool for LambdaLocker to the portal, allowing victims to retrieve their files without paying the 0.5 Bitcoin ($2,200) ransom that attackers demand in exchange for the cryptographic key.

    LambdaLocker first appeared in January and uses a combination of AES-256 and SHA-256 ciphers to encrypt victims' files, making them inaccessible and adding the extension '.lambda_l0cked'.

    But an error in the latest build of the ransomware has allowed Avast researchers to retrieve files.

    "There was a bug in the cryptography implementation in the latest version of the LambdaLocker ransomware, which allowed us to decrypt the victims' files without paying the ransom," Ladislav Zezula, malware researcher at Avast, told ZDNet.

    Like many forms of ransomware, it's distributed via spam emails.
    LambdaLocker is also reported to infect victims via game installers from hacked or malicious download sites and peer-to-peer networks.

    Following infection, the victim is presented with a note demanding a ransom, complete with instructions on how to buy and use Bitcoin.
    The note -- which is in English and Chinese -- also demands victims pay within a month, or risk losing the encrypted files forever.

    But, thanks to the release of the decryption tool, victims no longer need to worry about paying the ransom and can retrieve their files without lining the pockets of criminals.
    At least if they're attacked with a newer version of the ransomware, that is -- there's currently no decryption available tool for older versions.

    "Unfortunately, the decryption is only working for the newer version of LambdaLocker, but not for older versions," said Zezula.

    It's thought that more than 28,000 decryptions have taken place using No More Ransom tools, preventing millions of dollars from being paid to cybercriminals.


    Source:
    http://www.zdnet.com/article/lambda...-decrypt-your-files-for-free/#ftag=RSSbaffb68
     
    Tony D likes this.

Share This Page