Threat Watch

Researchers Release Decryptor for Lorenz Ransomware

On June 25th, Dutch cybersecurity company Tesorion posted a blog about the Lorenz ransomware family and the code behind its file encryption. After their analysis Tesorion was successfully able to decrypt files locked by Lorenz due to flaws in the encryption implementation. While this is fantastic news, it also came with a catch: files with a size divisible by 48 bytes before the encryption would also be corrupted because of those same encryption flaws. Tesorion ended the blog with the promise of releasing the decryptor to the public for free, and as of yesterday, it has been added to the No More Ransom Project.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Tesorion has worked with the No More Ransom Project to release their free decryptor to the public. While there is no guarantee of recovering every file, Tesorion claims that the utility can decrypt Microsoft Office documents, PDFs and some image and video file formats that were not corrupted during the encryption process. Binary Defense highly recommends that all organizations read and implement steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans and more.

https://www.nomoreransom.org/en/decryption-tools.html#Lorenz

https://www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support