Skip to main content

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

PyLocky free ransomware decryptor
If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here.

Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files for free without paying any ransom.

The decryption tool works for everyone, but it has a huge limitation—to successfully recover your files, you must have captured the initial network traffic (PCAP file) between the PyLocky ransomware and its command-and-control (C2) server, which generally nobody purposely does.

This is because the outbound connection—when the ransomware communicates with its C2 server and submit decryption key related information—contains a string that includes both Initialization Vector (IV) and a password, which the ransomware generates randomly to encrypt the files.

"If the initial C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected machine. This is because the initial callout is used by the malware to send the C2 servers information that it uses in the encryption process," the researcher explain.

First spotted by researchers at Trend Micro in July last year, PyLocky ransomware found spreading through spam emails, like most malware campaigns, designed to trick victims into running the malicious PyLocky payload.
pylocky ransomware note
To avoid detection by sandbox security software, the PyLocky ransomware sleeps for 999.999 seconds—or just over 11 and a half days—if the affected system's total visible memory size is less than 4GB. The file encryption process only executes if it is greater than or equal to 4GB.

Written in python and packaged with PyInstaller, PyLocky ransomware first converts each file into the base64 format and then uses randomly generated Initialization Vector (IV) and password to encrypt all the files on an infected computer.

Once a computer is encrypted, PyLocky displays a ransom note claiming to be a variant of the well-known Locky ransomware and demands a ransom in cryptocurrency to "restore" the files.

The note also claims to double the ransom every 96 hours if they don't pay to scare victims into paying up the ransom sooner rather than later.

PyLocky primarily targeted businesses in Europe, particularly in France, though the ransom notes were written in English, French, Korean, and Italian, which suggested that it may also have targeted Korean- and Italian-speaking users.

You can download the PyLocky ransomware decryption tool from GitHub for free and run it on your infected Windows computer.

Though ransomware may not be as high profile as the LockyWannaCryNotPetya, and LeakerLocker widespread 2017 ransomware attacks, both individuals and enterprises are strongly recommended to follow below-mentioned prevention measures to protect themselves.

Beware of Phishing emails: Always be suspicious of uninvited documents sent over an email and never click on links inside those documents unless verifying the source.

Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.

Keep your Antivirus software and system up-to-date: Always keep your antivirus software and systems updated to protect against latest threats.
Contact us:

Red Securium Pvt Limited Company

Red securium company provide best ethical hacking  and cyber security training in noida.

Address: Block A, A-25, Second Floor, Sector 3, Noida, Uttar Pradesh 201301
Telephone number: +91-120 429 1672
Email: info@redsecurium.org
Mobile number: +91-7455923827
Google+ Profile: Red Securium
Facebook profile: Red Securium
Twitter Profile: Red Securium

Instagram Profile: Red Securium


Labels:
Location: Noida, Uttar Pradesh, India

Comments

Post a Comment

Popular posts from this blog

Phishing Campaigns Targeting Google and Yahoo Accounts To Bypassing Two-Factor Authentication Several phishing campaigns targeting hundreds of individuals across the Middle East and North Africa. The attacker targers HRDs, journalists, political actors. Amnesty International published a report on multiple campaigns that traget self-described “secure email” services, such as Tutanota and ProtonMail and another campaign that aimed in bypassing two-factor authentication. Crafted Phishing Sites – Secure Email Providers The phishing campaign primarily targeted popular secure email service providers such as Tutanota and ProtonMail. Threat actors used a well-crafted phishing page – by obtaining the domain tutanota[.]org, whereas the original domain of the service provider is tutanota[.]com. A phishing attack is one of the dangerous social engineering attacks that leads to capture a victim’s username and password that will get store it to an attacker machine and reuse it l...
Post a Comment
Read more

software development services in noida

Red Securium Company Provide Software Development  Service In Noida Combining technological competency with domain expertise, Red Securium offers full spectrum of custom software design, development and deployment services for enterprises and SMEs to achieve exceptional business results.            Leveraging on its cross-functional width of expertise in application software development , Red Securium has developed the capabilities to build and run resilient applications at scale that seamlessly infuse your innovative ideas. Whether you are in need of the rapid development of a crucial business application or require the deployment and support for an entire suite of applications, we offer full software lifecycle coverage services. We adopt best practices and put highest levels of expertise to drive your technological assets deliver you business excellence and improved ROI. Custom Software Development Services in Noida Enterpri...
Post a Comment
Read more

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

  Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a   CTF  like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run  netdiscover  to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical  nmap  scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open  FTP  port and we can connect to it with  anonymous access .  Also there is an open  http  port, we will run a nikto scan for it. The  ssh  port will be valuable later. From the nikto scan we got an interesting  /secret/  folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Post a Comment
Read more