Ransomware no more

A tool for decrypting the PyLocky ransomware has been released to the public by French authorities.

In a statement published last week, the French Interior Ministry said that its decryption utility would help retrieve data for victims of versions 1 and 2 of PyLocky – a malware strain posing as the infamous Locky ransomware.

“This program is made available for free ‘as it is’, without any technical support nor explicit or implicit warranty,” the statement, published on June 11, reads.

“Its authors can’t be held in any way responsible for any damage that might be caused by the use of the tool.

“Other versions of PyLocky might have been created, regarding which this program may be ineffective.”

PyLocky is ransomware written in Python that is typically delivered through spam emails, having predominately targeted French and European businesses since July and August of last year.

First discovered by researchers at Trend Micro, the ransomware lures its victims into clicking a malicious URL, which then delivers the malicious software onto a victim’s machine, making files inaccessible.

“This software allows for the decryption of the encrypted files with versions 1 (encrypted files with the extension .lockedfile or .lockymap) and version 2 (encrypted files with the extension .locky) of PyLocky,” the Interior Ministry said.

“It requires a computer running the operating system Microsoft Windows 7 or higher and the execution environment Java JRE (Java Runtime Environment) version 8.”

Other free tools for decrypting PyLocky have been released before, including one from Mike Bautista, security researcher at Cisco Talos Intelligence Group.

Ransomware made a bit of a comeback at the start of 2019, with cybersecurity firm Malwarebytes reporting that criminals were starting to deploy the malware in pre-packaged cybercrime exploit kits.

According to French authorities, PyLocky remains active across the country.

The PyLocky decryption tool was published in collaboration with the Brigade d’enquêtes sur les fraudes aux technologies de l’information (BEFTI), the Direction régionale de la police judiciaire de Paris, and the Gendarmerie Nationale.

Following the release of the PyLocky decryptor, Europol today released a tool for recovering data held hostage by the latest version of GandCrab ransomware.

The tool was initially launched in January 2018 and was said to have recovered the information of more than 100 victims within an hour of its launch.

