If your computer has been infected with PyLocky ransomware and you are looking for a free decryption tool to unlock your files, your search may end here.
Security researcher Mike Bautista of Cisco's Talos Intelligence unit has released a free decryption tool that allows victims infected with the PyLocky ransomware to unlock their encrypted files without paying the ransom.
The decryption tool works for everyone, but it has a considerable limitation: to restore your files successfully, you must have captured the original network traffic (a PCAP file) between the PyLocky ransomware and its command-and-control (C2) server, which is not something most victims do intentionally.
Indeed, the outbound connection, in which the ransomware contacts the C2 server and transmits the information tied to the decryption key, contains a string holding both the initialization vector (IV) and a password, which the ransomware generates randomly to encrypt the files.
“If the original C2 traffic has not been captured, our decryption tool will not be able to recover the files on the infected machine. This is because the malware uses the original call-out to send the C2 servers information it uses in the encryption process,” explained the researcher.
First discovered by Trend Micro researchers last July, the PyLocky ransomware was found to spread through spam emails, like most malicious campaigns designed to trick the victim into running the malicious payload.
To evade detection by sandbox security software, PyLocky sleeps for 999,999 seconds, just over 11½ days, if the total visible memory of the target system is less than 4 GB. File encryption is performed only if the visible memory is 4 GB or more.
Written in Python and packaged with PyInstaller, the PyLocky ransomware first converts each file to base64 and then uses a randomly generated initialization vector (IV) and password to encrypt all the files on the infected computer.
Once the files are encrypted, PyLocky displays a ransom note claiming to be a variant of the notorious Locky ransomware and demanding a cryptocurrency ransom to “recover” the files.
The note also states that the ransom doubles every 96 hours if the victim does not pay, a tactic meant to scare victims into paying sooner rather than later.
PyLocky ransomware mainly targeted European businesses, particularly French ones, although the ransom notes were written in English, French, Korean and Italian, which suggests it may also be aimed at Korean and Italian users.
You can download the PyLocky ransomware decryption tool for free from GitHub and run it on your infected Windows computer.
While this ransomware may not be as widespread as the Locky, WannaCry, NotPetya and LeakerLocker outbreaks of 2017, individuals and businesses are encouraged to take the following preventive measures to protect themselves.
Beware of phishing emails. Always be wary of unsolicited documents sent by email and never follow the links inside them unless you have verified the source.
Back up regularly. To keep a reliable copy of all important files and documents, set up a good backup routine that copies them to an external storage device that is not permanently connected to your PC.
Keep your antivirus software and system up to date. Always update your software and antivirus system to protect against the latest threats.