Emsisoft is undergoing one of its most prolific months yet, releasing their third decrypter in just ten days, this time saving the victims of the LooCipher Ransomware. On July 18, they released a decrypter for ZeroFucks, and six days earlier they published a decrypter for Ims00rry. All three are pretty nasty ransomware tools using AES-128 and AES-256 encryption algorithms. To put things into a technical perspective, KryptAll estimates that it would take a supercomputer more time than the age of the universe to crack an AES-128 key. The way expert researchers like Michael Gillespie and Francesco Muroni do it is by finding flaws in the ransomware and retrieving parts of the master-keys.
It's decryptor day (again!) This one is for LooCipher. Get it here and #DontPay Shout-outs to @demonslay335 and @FraMauronzhttps://t.co/kIyHnGyS4x
— Emsisoft (@emsisoft) July 22, 2019
Having part of the key still needs some brute forcing to help guess the full key, so the LooCipher decrypter may need some time to derive with the desired result. Users simply select a pair of an encrypted and unencrypted file, click on the “Start” button, and then wait. Once there’s a match, the decrypter will restart with the key now loaded in the tool. Then, the users may add all the folders that they want to have decrypted and click on the “Decrypt” button. Remember, you are infected by LooCipher if the encrypted files end with the “.lcphr” extension, and you are asked to pay a ransom of €300 in Bitcoin. Victims are given 120 hours to do that, but even if your counter has run out and your key was “destroyed” by the actors, Emsisoft’s decrypter will do the trick.
The case is similar for ZeroFucks, with the extension being “.zerofucks” on all encrypted files, and the actors asking for €400 in Bitcoin, double the amount after 48 hours, and double again after another 24 hours. With the exhausting of the 96 hours, the files are supposedly becoming no longer recoverable, but Emsisoft’s decrypter can again come to the rescue. Finally, in the case of the Ims00rry, the decryption cost is $50 paid in a Bitcoin wallet, with victims pointed to contact a Telegram bot. The actor claims that he/she simply wants to start their own business, but it looks like Emsisoft’s decrypter has put an immature end to their entrepreneurship plans.
As always, keep regular backups of your most important data and never even consider paying the ransom to the actors. There is no guarantee that you will get your files back, and you can not trust a person with zero accountability. Use an up to date AV from a reputable vendor and avoid downloading and installing software from unreliable sources.
Has Emsisoft come to your rescue this month? Let us know in the comments beneath, and help us spread the good news to more potential victims by sharing this post through our socials, on Facebook and Twitter.