Ransomware applications are no doubt one of users’ worst nightmares, as they can enter the system without the victim noticing anything and silently encrypt all private or important files to make them unusable. Usually, in such a case, the only guaranteed way of recovering enciphered files is swapping them with backup copies that could be stored on the user’s external hard drive, flash drive, cloud storage, and so on. The problem is that those who have never lost their data before, for example, due to a ransomware infection, may not feel the need to create a backup and consequently might not have any recovery options in case of emergency. Of course, the hackers behind the threat could offer decryption tools for a particular sum, but sadly, paying the ransom is always risky, as there is no knowing whether the cybercriminals will keep their promises. However, thanks to the Bitdefender team, at least victims of the so-called LockCrypt Ransomware may have a chance to recover their files without risking their savings. The company’s specialists managed to create a decryption tool and are sharing it free of charge on their website.
LockCrypt Ransomware was noticed for the first time in 2017, and at that time the hackers behind it concentrated on various organizations. Computer security specialists say the malware used to get in by carrying out brute-force attacks on targeted computers, and once a device was infected, the threat continued to spread among other computers connected to the same network.
Next, the malicious application was programmed to begin the encryption process, during which it not only enciphered various private or important data but also marked each file with a specific extension. To be more precise, the malware had five versions and each of them used a different extension (.1btc, .lock, .2018, .bi_d, and .mich), for example, picture.jpg.2018. Of the five variants, only the one applying .bi_d cannot be decrypted. The extension currently decryptable with the Bitdefender LockCrypt Ransomware decryption tool is .1btc. As for the other three extensions, they are decryptable but not yet included in the mentioned tool. Its creators say they hope to add support for these extensions in the near future. Thus, if you encountered a version that uses a different extension than .1btc, we would advise you to check for updates on the decryption tool’s website from time to time.
What we do not recommend is putting up with any demands listed in the malicious application’s ransom note. LockCrypt Ransomware’s ransom notes could have one of the following titles: ReadMe.txt, Restore Files.txt, and How To Restore Files.txt. Despite the different names, these text documents should contain more or less the same message, saying that all of the user’s files were encrypted and that to restore them he should contact the malicious application’s developers via email. Also, the notes should demand that users pay a ransom in Bitcoins if they wish to get their data back.
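To see which of the variants described above has hit a machine, and therefore whether the decryption tool can currently help, the folder tree can be checked for the listed extensions and ransom note titles. The script below is an added example, not code from Bitdefender or from the original article; the double-extension rule and the sample files it creates are assumptions made for the illustration.

```python
import os
import tempfile
from collections import Counter

# Recovery status per appended extension, as stated in the article above.
UNSUPPORTED = "decryptable, but not yet supported by the tool"
STATUS = {
    ".1btc": "decryptable with the Bitdefender tool",
    ".lock": UNSUPPORTED, ".2018": UNSUPPORTED, ".mich": UNSUPPORTED,
    ".bi_d": "not decryptable",
}
NOTE_NAMES = {"readme.txt", "restore files.txt", "how to restore files.txt"}

def triage(root):
    """Return (file count per extension, directories holding both hits and a note)."""
    counts, note_dirs = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        hits = 0
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            # Assumption: require an inner extension (picture.jpg.2018) so that
            # ordinary files such as yarn.lock are not counted.
            if ext in STATUS and os.path.splitext(stem)[1]:
                counts[ext] += 1
                hits += 1
        # ReadMe.txt alone is too common to mean anything; count it only
        # when it sits next to files carrying one of the extensions.
        if hits and any(n.lower() in NOTE_NAMES for n in files):
            note_dirs.append(dirpath)
    return counts, sorted(note_dirs)

def report(counts):
    """One summary line per extension found."""
    return [f"{ext}: {n} file(s), {STATUS[ext]}" for ext, n in sorted(counts.items())]

def build_sample(root):
    """Create a constructed (empty-file) directory tree for demonstration."""
    layout = {"a": ["picture.jpg.2018", "report.docx.1btc", "ReadMe.txt"],
              "b": ["yarn.lock", "ReadMe.txt"],
              "c": ["db.sql.bi_d"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        counts, note_dirs = triage(tmp)
        print("\n".join(report(counts)))
        print("ransom note beside encrypted files in:", note_dirs)
```

The script only reads file names and changes nothing, so it can be run on a copy or a mounted image of the affected disk before any recovery attempt.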
It is crucial to understand that even if the cybercriminals guarantee and prove they can decrypt your files, it does not mean they will do it or deliver the needed decryption tool so you could decipher them yourself. In other words, the hackers cannot be trusted, and there is always a chance they might scam the user. For instance, they could claim the price has changed and they need more money now, or never reply to you again. Therefore, for readers who do not want to risk losing their savings in vain, our computer security specialists advise not to put up with any demands, especially when there is a decryptor you could use, and luckily in this case users can obtain the Bitdefender LockCrypt Ransomware decryption tool.
Naturally, one cannot always count on volunteer IT specialists being able to provide a solution when you encounter a malicious application like LockCrypt Ransomware, so it would be best to learn how to avoid such malware in the future. Firstly, we advise strengthening the system by removing possible weaknesses, for example, outdated software, weak passwords, unsecured RDP connections, etc. Doing this may help users make their devices less vulnerable to hacker attacks. Secondly, it would be a smart idea to be cautious when receiving spam emails or any other suspicious emails carrying attachments or links to other web pages. A lot of ransomware infections and other threats use infected attachments or malicious links to make the victim launch the threat himself. In some cases, cybercriminals even forge the sender’s information to make it look as if the email comes from a legitimate source. This is why you should avoid opening questionable data received via email, or at least scan it before opening it.
Lastly, if you have not yet picked a reputable antimalware tool you could trust, we would advise considering one. Such a tool might be useful not only when you wish to check suspicious data, but also in situations when you may launch malicious files without realizing it. Provided the tool is up to date, it might be able to recognize and stop various malicious applications from entering the computer.
- Bogdan Botezatu. LockCrypt Ransomware decryption tool. Bitdefender Labs.