Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.
The Bitdefender decryption tool may not be useful for current victims of the LockCrypt ransomware, but users who still have copies of their (.1btc) encrypted files can use it to recover files. Using the tool is pretty simple, as the interface is self-explanatory.
It’s no surprise that the Bitdefender team was able to crack LockCrypt’s encryption. The LockCrypt ransomware is known for using bad crypto. Malwarebytes has detailed the ransomware’s flawed encryption routine in a report in April.
Security researcher Michael Gillespie has been helping victims decrypt their files for multiple versions of the LockCrypt ransomware for more than a year.
|.1btc||Decryptable using Bitdefender tool|
|.lock||Decryptable (contact Michael Gillespie)|
|.2018||Decryptable (contact Michael Gillespie)|
|.mich||Decryptable (contact Michael Gillespie)|
The LockCrypt ransomware is a ransomware strain that infects victims after hackers use brute-force attacks to break into companies’ networks via RDP connections, and then manually run the ransomware’s binary.