Jump to content
  • Lorenz ransomware decryptor recovers victims' files for free


    Karlston

    • 600 views
    • 2 minutes
     Share


    • 600 views
    • 2 minutes

    Lorenz ransomware decryptor recovers victims' files for free

     

    Dutch cybersecurity firm Tesorion has released a free decryptor for the Lorenz ransomware, allowing victims to recover some of their files for free without paying a ransom.

     

    Lorenz is a human-operated ransomware that began operating in April 2021 and has since listed twelve victims whose data they have stolen and leaked on their ransomware data leak site.

    Lorenz ransomware data leak site
    Lorenz ransomware data leak site

    Lorenz is not particularly active and has begun to taper off in recent months compared to other operations.

    Lorenz ransomware decryptor released

    The Lorenz ransomware decryption tool can be downloaded from NoMoreRansom and will allow victims to recover some of their encrypted files.

     

    Unlike other ransomware decryptors that include the actual decryption key, Tesorion's decryptor operates differently and can only decrypt certain file types.

     

    Tesorion researcher Gijs Rijnders told BleepingComputer that only files with well-known file structures could be decrypted, such as Office documents, PDF files, some image types, and movie files.

     

    While the decryptor will decrypt not every file type, it will still allow those who do not pay the ransom to recover important files.

     

    As you can see below, the decryptor can decrypt well-known file types, such as XLS and XLSX files, without a problem. However, it will not decrypt unknown file types or those with uncommon file structures.

    Lorenz ransomware decryptor
    Lorenz ransomware decryptor

    In addition to providing a decryptor, Tesorion provided insight into the encryption technique used by the Lorenz ransomware.

     

    In a blog post, Rijnders explains that a bug in how they implement their encryption can cause data to become lost, which would prevent a file from being decrypted even if a ransom was paid.

     

    "The result of this bug is that for every file which’s size is a multiple of 48 bytes, the last 48 bytes are lost. Even if you managed to obtain a decryptor from the malware authors, these bytes cannot be recovered," explains Rijnders.

     

     

    Lorenz ransomware decryptor recovers victims' files for free

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...