Bitdefender Releases Free Decryptor for LockerGoga Ransomware
Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.
The free tool is available for download from Bitdefender’s servers and allows you to recover encrypted files using instructions in this usage guide [PDF].
Bitdefender says the decryptor was developed in cooperation with law enforcement agencies, including Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police.
For a working decryptor to be created, researchers usually need to identify a flaw in the cryptography used by the ransomware encryptor.
However, in this case, the LockerGoga operators were arrested in October 2021, which may have allowed law enforcement to access the master private keys used to decrypt victims’ encryption keys.
Also Read: PDPA Meaning: Know Its Big Advantages In Businesses
How to decrypt your files
Files encrypted by LockerGoga will have the “.locked” filename extension and cannot be opened with regular software.
Bitdefender’s tool offers to scan your entire filesystem or a single folder, locate any encrypted files, and perform the decryption automatically.
For this to work, the computer needs to be connected to the internet, and the ransom notes generated by the ransomware during the encryption need to be in the original paths.
Bitdefender says the decryptor can operate either on a single machine or on entire networks encrypted by LockerGoga.
Note that the decryption process can be interrupted or not always work as expected, and you might end up with corrupted files. For this reason, the decrypter has the “backup files” option ticked by default, and users are recommended to leave that setting enabled.
Who was LockerGoga
The LockerGoga ransomware operation launched in January 2019, hitting high-profile targets such as the French engineering firm Altran Technologies and the Norwegian aluminum giant Norsk Hydro.
For a working decryptor to be created, researchers usually need to identify a flaw in the cryptography used by the ransomware encryptor.
However, in this case, the LockerGoga operators were arrested in October 2021, which may have allowed law enforcement to access the master private keys used to decrypt victims’ encryption keys.
Also Read: What Is PDPA And What Are The 5 Things You Should Know About
How to decrypt your files
Files encrypted by LockerGoga will have the “.locked” filename extension and cannot be opened with regular software.
Bitdefender’s tool offers to scan your entire filesystem or a single folder, locate any encrypted files, and perform the decryption automatically.
For this to work, the computer needs to be connected to the internet, and the ransom notes generated by the ransomware during the encryption need to be in the original paths.
Bitdefender says the decryptor can operate either on a single machine or on entire networks encrypted by LockerGoga.
Note that the decryption process can be interrupted or not always work as expected, and you might end up with corrupted files. For this reason, the decrypter has the “backup files” option ticked by default, and users are recommended to leave that setting enabled.
Who was LockerGoga
The LockerGoga ransomware operation launched in January 2019, hitting high-profile targets such as the French engineering firm Altran Technologies and the Norwegian aluminum giant Norsk Hydro.
0 Comments