Home News Sigh of Relief for Lorenz Ransomware Victims; Free Decryptor Released

Sigh of Relief for Lorenz Ransomware Victims; Free Decryptor Released

Tesorion’s new decryption tool allows victims of Lorenz ransomware to decrypt their files without paying a ransom.

SHARE
Free Decryptor, federal government, cybersecurity
Read Aloud

Organizations become helpless when their digital assets are encrypted in the event of a ransomware attack, making it difficult for victim companies to recover their files without paying ransom to cybercriminals. Several security researchers and firms often create free decryption tools to help the victims of ransomware attacks. Recently, cybersecurity firm Tesorion developed and released a decryption key to help the victims of Lorenz ransomware in recovering their files without paying any ransom. The free decryptor is available at NoMoreRansom, an initiative from Tesorion to help ransomware victims.

“Based on our analysis of the Lorenz ransomware we have come to the conclusion that we can decrypt (non-corrupted) affected files in some cases without paying the ransom. Supported file types include Microsoft Office documents, PDF files, and some image and movie types. We built a decryptor that we are providing to victims free of charge,” Tesorion said.

Lorenz Ransomware

Tesorion researchers stated that Lorenz ransomware operators are active since April 2021, targeting organizations across the globe. Like many ransomware groups, Lorenz leverages double extortion techniques by stealing victims’ data before encrypting and then threatening them to publish it online if the ransom is not paid. The group has allegedly posted sensitive stolen data of its 12 victims on the dark web.

The Lorenz ransomware used a blend of RSA and AES-128 in CBC mode to encrypt the victim files on a compromised device by generating a random password for each file. In addition, the operators sent the computer name of the compromised system to a command & control (c2) server before the encryption. The ransom demand of Lorenz operators is between $500,000 and $700,000.

“The Lorenz ransomware appears to be a variant of the ThunderCrypt ransomware. We have not analyzed any ThunderCrypt samples and therefore, we do not know whether the file encryption is similar or not,” Tesorion added.   

The Free Decryption Movement

This is not the first time that a company has come to rescue the victims of ransomware attacks. In the recent past, cybersecurity firm Bitdefender released a decryption tool that allowed organizations to recover files encrypted by DarkSide ransomware operators without paying any ransom. The free decryptor tool automatically scans the systems for encrypted files and decrypts them. Read More Here