Threat Watch

Free Decryptor Being Released for Lorenz Ransomware, but There’s a Catch

Lorenz is a new ransomware family, infecting their first victims in April this year. Like many others, Lorenz also double extorts their victims, hoping that if encrypted data won’t be enough to convince their victims to pay, threatening to publish the stolen data will be. Dutch cybersecurity company Tesorion released a blog post last Friday detailing some of their analysis on this new ransomware, and with it came both good and bad news. The good news is the company is working with the No More Ransom Project to release a free decryptor for victims of this ransomware. Unfortunately, though, Tesorion also found that flaws in the encryption process cause file sizes in multiples of 48 bytes (before encryption) to become corrupt or lose the last 48 bytes of data. The free decryptor will support Microsoft Office documents, PDFs, and some image and video formats.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Tesorion and the NoMoreRansom project have not yet made the decryptor available. Binary Defense advises anyone affected by this ransomware strain to watch for updates on nomoreransom.org for the decryptor to be released. Binary Defense also highly recommends reading and implementing steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans and more.

https://www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support