Sign In


Discovered flaw in the encryption scheme of the LockCrypt ransomware allows for its decryptuion


The LockCrypt's malicious code was first observed last year. A team of cyber security researchers suspects that the LockCrypt creators are the same that created the Satan ransomware. The most high profile infection of LockCrypt happened in December 2017 when the attackers managed to hit the Mecklenburg network in North Carolina. The limited area of infection that has been observed for this particular ransomware is due to its manner of distribution - attackers have not used mass distribution methods such as email or exploitation of known vulnerabilities, but have penetrated into organizations' networks through RDP(Remote Desktop Protocol) and have manually installed malicious code on compromised machines.

A team of independent cyber security researchers has been able to identify the weaknesses in the encryption scheme used by this ransomware through a sample, that can be used to recover the data of the victim. The flaw resides in the unusual encryption scheme used by the ransomware creators, allowing researchers to access the internal malware structure. As a result, researchers are now able to offer help in decrypting LockCrypt-infected machines in all of its forms.

More information about the technical analysis of the LockCrypt's ransomware can be found at: