Emsisoft releases the third decryptor in a few days, this time for LooCipher ransomware

Pierluigi Paganini July 24, 2019

Security experts at Emsisoft have released their third decryptor in a few days, this time a free one for the LooCipher ransomware.

A few days ago, the experts at Emsisoft released two free decryptors for the ZeroFucks ransomware and Ims00rry ransomware; now the malware team has announced the release of a decryptor for the LooCipher ransomware.

Victims of the LooCipher ransomware don’t have to pay the ransom; they only need to download the decryptor from the link below:

LooCipher is a new threat that is spreading rapidly; its functionality is straightforward yet effective, and common to many other ransomware families.

Experts at Yoroi-Cybaze ZLab recently published a detailed analysis of the ransomware. The key findings of the analysis are below:

  • The ransomware spreads using a weaponized Word document.
  • The Command and Control is hosted on the Tor network, at the following onion address: “hxxp://hcwyo5rfapkytajg[.]onion”.
  • The attackers leverage several Tor2Web proxy services to allow easy access to the Tor C2.
  • The binary can work both as cryptor and decryptor.
  • The C2 dynamically generates a different Bitcoin address for each infection.

“LooCipher encrypts the victim’s files using AES-128 ECB, and adds the extension ‘.lcphr’,” states Emsisoft.

“No ransom note file is left, but the malware does leave a screen telling the victim to make a BitCoin payment and then use the same malware to decrypt their files once payment is complete.”
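For responders scoping an infection, the two indicators quoted above (the “.lcphr” extension and AES-128 in ECB mode) can be turned into a quick inventory of affected files. The following Python script is an added example, not code from Emsisoft or Yoroi-Cybaze ZLab; it assumes the extension is appended to the original file name and that the ciphertext is laid out in aligned 16-byte blocks, and all function names are illustrative.

```python
import os
import sys
from collections import Counter

EXTENSION = ".lcphr"  # extension reported for LooCipher on this page
BLOCK = 16            # AES block size in bytes

def find_encrypted(root):
    """Return sorted paths under root whose name ends with EXTENSION."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSION):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def repeated_block_ratio(data):
    """Fraction of aligned 16-byte blocks that also occur elsewhere in data.

    ECB maps identical plaintext blocks to identical ciphertext blocks, so
    files with repetitive plaintext keep that repetition after encryption.
    Trailing bytes that do not fill a whole block are ignored.
    """
    usable = len(data) - len(data) % BLOCK
    blocks = [data[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)

def triage(root):
    """Map each matching path to (original name, size, repeated-block ratio)."""
    report = {}
    for path in find_encrypted(root):
        with open(path, "rb") as fh:  # opened read-only; whole file in memory
            data = fh.read()
        # Assumption: the extension was appended, so stripping it gives
        # the name the file had before encryption.
        original = os.path.basename(path)[:-len(EXTENSION)]
        report[path] = (original, len(data), repeated_block_ratio(data))
    return report

if __name__ == "__main__":
    for path, (name, size, ratio) in triage(sys.argv[1]).items():
        print(f"{path}\t{name}\t{size}\t{ratio:.3f}")
```

Run it against a read-only mount or forensic copy of the affected volume, so that the originals stay untouched for the decryptor.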


Emsisoft also published a detailed usage guide for its decryptor.

A couple of weeks ago, experts at Yoroi-Cybaze ZLab also released a free decryptor for the LooCipher ransomware.

Enjoy it!


Pierluigi Paganini

(SecurityAffairs – ransomware, malware)
