Petrovic Posted January 26, 2016

LeChiffre is a ransomware that we have been seeing in our forums since June 2015, but have been unable to acquire a sample until recently. This is because the LeChiffre ransomware is not distributed via normal means such as Trojan downloads, exploit kits, or email, but rather by being manually installed in hacked servers. When the malware developers hack a server via remote desktop or terminal services, they manually run the executable to encrypt the data and then remove all traces of the program when they leave.

It wasn't until recently that Hasherezade of Malwarebytes was able to acquire a sample and perform an analysis of it. This analysis showed that the ransomware was not very sophisticated but rather a simple client that the malware developers would run on a hacked server to encrypt the data files and leave a ransom note.

Hasherezade was gracious enough to share a sample with the security community, and when Fabian Wosar of Emsisoft analyzed it, he discovered a vulnerability that could allow him to build a free decryptor for it. More information about this vulnerability can be found in this post and instructions on how to use the decryptor can be found below.

LeChiffre Decrypted

If you are infected with the LeChiffre ransomware, simply download decrypt_lechiffre.exe from the following link and save it on your desktop:

Full Article