Privacy Ninja

Lorenz Ransomware Decryptor Recovers Victims’ Files For Free

Lorenz Ransomware Decryptor Recovers Victims’ Files For Free

Dutch cybersecurity firm Tesorion has released a free decryptor for the Lorenz ransomware, allowing victims to recover some of their files for free without paying a ransom.

Lorenz is a human-operated ransomware that began operating in April 2021 and has since listed twelve victims whose data they have stolen and leaked on their ransomware data leak site.

Lorenz ransomware data leak site

Lorenz is not particularly active and has begun to taper off in recent months compared to other operations.

Lorenz ransomware decryptor released

The Lorenz ransomware decryption tool can be downloaded from NoMoreRansom and will allow victims to recover some of their encrypted files.

Also Read: The DNC Singapore: Looking at 2 Sides Better

Unlike other ransomware decryptors that include the actual decryption key, Tesorion’s decryptor operates differently and can only decrypt certain file types.

Tesorion researcher Gijs Rijnders told BleepingComputer that only files with well-known file structures could be decrypted, such as Office documents, PDF files, some image types, and movie files.

While the decryptor will decrypt not every file type, it will still allow those who do not pay the ransom to recover important files.

As you can see below, the decryptor can decrypt well-known file types, such as XLS and XLSX files, without a problem. However, it will not decrypt unknown file types or those with uncommon file structures.

Lorenz ransomware decryptor

In addition to providing a decryptor, Tesorion provided insight into the encryption technique used by the Lorenz ransomware.

In a blog post, Rijnders explains that a bug in how they implement their encryption can cause data to become lost, which would prevent a file from being decrypted even if a ransom was paid.

Also Read: 4 Best Practices on How to Use SkillsFuture Credit

“The result of this bug is that for every file which’s size is a multiple of 48 bytes, the last 48 bytes are lost. Even if you managed to obtain a decryptor from the malware authors, these bytes cannot be recovered,” explains Rijnders.

Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.

PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us on WhatsApp