Emsisoft Decrypter: a tool for recovering files encrypted by LooCipher


Browsing the web, I came across an excellent application that I think is worth sharing. Although it is not a Linux tool and has nothing to do with Linux, it is one of those applications that deserves attention.

Ransomware attacks and their variants are becoming more common and they have devastating effects on companies of all sizes. The real financial impact of cybercrime in general, and ransomware in particular, is difficult to assess.

About LooCipher

LooCipher is one such ransomware. Discovered by a security researcher, it is actively being used to infect users. The malware is distributed through a spam campaign, hidden in a .docm file called Info_BSV_2019.docm.

LooCipher is installed through malicious Word documents that download the executable and run it. Once executed, the ransomware will encrypt a victim's data and will add the .lcphr extension to the names of the encrypted files.

The ransomware then shows a LooCipher decryption screen with a countdown until, supposedly, your key will be deleted.

As with any modern ransomware, the victim is asked to pay in Bitcoin and then use the same program that encrypted the files to decrypt them once the payment is complete.

That screen provides the victim with a button to check whether a payment has been made.

This payment site is on the Tor network and you can only pay in Bitcoins. Although this infection has numerous similarities to CryptoLocker or CryptorBit, there is no evidence that they are related.

To buy the decryptor for the files, a ransom of $500 USD in Bitcoin must be paid. If you don't pay the ransom within 4 days, it doubles to $1,000 USD. They also claim that if you don't buy a decryptor within a month, they will delete your private key and you will no longer be able to decrypt your files.

Emsisoft Decrypter, a tool against this evil

To support people affected by this problem, Emsisoft announced this week the release of a decryptor for LooCipher, created by Michael Gillespie with the help of Francesco Muroni, that allows victims to decrypt their files for free.

Before using the tool, it is recommended to make sure you have removed the malware from your computer, something you can do with the free version of Emsisoft Anti-Malware. You should also make sure not to delete the ransom note ("!!!READ_IT!!!.txt"), or the decryptor will not work.

How to use?

Once downloaded, just run the program with administrator privileges to decrypt all files targeted by the ransomware.

Once it starts, you just have to accept the terms of the license agreement and you will be on the Bruteforcer screen.

Here the decryptor requires an internet connection and a pair of files: an encrypted file and the original, unencrypted version of that same file. It uses the pair to reconstruct the encryption keys needed to decrypt the rest of your data.

It is recommended not to rename the original and encrypted files, as the decryptor compares file names to determine the correct extension used for the encrypted files.

When the key is found, a message will be displayed telling you that the key was found.

Here you only have to click OK to continue.

After clicking OK on the above message, the tool will restart with the key already loaded. Click the Add Folder button to add the folders containing the encrypted files:

When you are done, click the Decrypt button to begin the file decryption process. At this point, the tool will search for files with the '.lcphr' extension in the locations defined above and automatically remove the encryption.
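Before running the decryptor it helps to know how many '.lcphr' files you have, where the ransom notes are, and whether a usable original/encrypted pair still exists. The following triage script is an added example, not Emsisoft's code; it applies the same file-name comparison the Bruteforcer step relies on (an unrenamed 'budget.xlsx' sitting next to 'budget.xlsx.lcphr') over a constructed sample directory.

```python
"""Triage helper for a LooCipher-style incident (added example, not the decryptor's code).

Walks a directory tree, counts files carrying the .lcphr extension, locates
ransom notes, and finds (original, encrypted) pairs purely by file name, the
same kind of comparison the decryptor performs. Sample files are constructed.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".lcphr"           # extension LooCipher appends to encrypted files
RANSOM_NOTE = "!!!READ_IT!!!.txt"  # ransom note name, as given in the write-up


def triage(root):
    """Return counts, ransom-note locations and plaintext/ciphertext pairs under root."""
    root = Path(root)
    encrypted, notes, pairs = [], [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name == RANSOM_NOTE:
            notes.append(path)
        elif path.suffix == ENCRYPTED_EXT:
            encrypted.append(path)
            # Name comparison: strip the appended extension and look for the original.
            original = path.with_name(path.name[:-len(ENCRYPTED_EXT)])
            if original.is_file() and original.stat().st_size > 0:
                pairs.append((original, path))
    rel = lambda p: p.relative_to(root).as_posix()
    return {
        "encrypted_count": len(encrypted),
        "notes": sorted(rel(p) for p in notes),
        "pairs": sorted((rel(o), rel(e)) for o, e in pairs),
    }


def build_sample_tree():
    """Create a throwaway directory imitating an affected share (constructed sample data)."""
    root = Path(tempfile.mkdtemp(prefix="lcphr_"))
    (root / "docs").mkdir()
    (root / "docs" / "budget.xlsx").write_bytes(b"original spreadsheet bytes")
    (root / "docs" / "budget.xlsx.lcphr").write_bytes(os.urandom(32))
    (root / "docs" / "letter.docx.lcphr").write_bytes(os.urandom(32))  # original is gone
    (root / "docs" / RANSOM_NOTE).write_text("ransom note placeholder")
    (root / RANSOM_NOTE).write_text("ransom note placeholder")
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Only pairs whose original is still present and non-empty are reported, since an empty or missing original cannot serve as known plaintext.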

