Researchers have found a way to decrypt Lorenz ransomware for free. After analyzing the ransomware, they have developed a decryptor that victims can use at no cost.
Lorenz Ransomware Free Decryptor
Researchers from the Dutch cybersecurity firm Tesorion have developed a decryptor for the Lorenz ransomware.
This ransomware emerged as a threat to enterprise security in April 2021. Since then, it has targeted numerous firms to wage devastating ransomware attacks. The attackers not only encrypt the victim’s data but also steal it. This is evident from the attackers’ leak site that listed the data for 10 out of its 12 victims a month after the malware operations began.
As elaborated in their blog post, Tesorion analyzed the ransomware and found a bug that helped it develop a decryptor.
Specifically, the issue lies in the way the ransomware uses the CryptEncrypt function to encrypt files. Because of this bug, the ransomware encrypts files incorrectly, so decryption fails even with the decryptors provided by the attackers.
Explaining this flaw, the researchers stated,
Lorenz uses the AES-128 algorithm, which is a block cipher having a block size of 16 bytes. If the size of ‘read_buffer’ is smaller than 48 bytes, the data inside it would be padded to at most 48 bytes. However, if the available data is exactly 48 bytes in size, CryptEncrypt would append an additional block of padding. The ‘read_buffer’ would then be required to be at least 64 bytes in size. As a result, CryptEncrypt fails, breaking out of the encryption loop. The last block of the file is hence never written, meaning it is lost…
The result of this bug is that for every file whose size is a multiple of 48 bytes, the last 48 bytes are lost. Even if you managed to obtain a decryptor from the malware authors, these bytes cannot be recovered.
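The length arithmetic behind the bug quoted above, as an added example (not Tesorion's code and not taken from the malware): a C model that performs no encryption and only tracks buffer sizes. The function names, and the assumption that the loop finalises the chunk that reaches the end of the file, are illustrative.

```c
#include <stdio.h>
#include <stddef.h>

#define AES_BLOCK 16u   /* AES block size, from the quote */
#define CHUNK     48u   /* size of 'read_buffer', from the quote */

/* Stand-in for CryptEncrypt's length contract only (no real crypto):
 * with final set, block-cipher output grows to the next multiple of 16,
 * and a full extra block is added when the input is already aligned.
 * Returns 1 and updates *data_len on success, 0 if buf_len is too small. */
static int model_encrypt(int final, unsigned *data_len, unsigned buf_len)
{
    unsigned need = *data_len;
    if (final)
        need = (*data_len / AES_BLOCK + 1u) * AES_BLOCK;
    if (need > buf_len)
        return 0;               /* the real API reports ERROR_MORE_DATA */
    *data_len = need;
    return 1;
}

/* Walk a file of file_size bytes in 48-byte chunks, as described, and
 * return how many plaintext bytes never reach the output. */
unsigned long long bytes_lost(unsigned long long file_size)
{
    unsigned long long done = 0;
    while (done < file_size) {
        unsigned long long left = file_size - done;
        unsigned len = left < CHUNK ? (unsigned)left : CHUNK;
        int final = (left <= CHUNK);   /* assumption: last chunk is finalised */
        if (!model_encrypt(final, &len, CHUNK))
            break;                     /* loop exits, chunk is never written */
        done += (left < CHUNK) ? left : CHUNK;
    }
    return file_size - done;
}

int main(void)
{
    unsigned long long sizes[] = { 47, 48, 100, 144, 4800 };  /* constructed */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%llu bytes -> %llu lost\n", sizes[i], bytes_lost(sizes[i]));
    return 0;
}
```

Run against original file sizes from a backup catalogue, the same check flags which files will come back with a truncated tail.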
The decryptor will soon be available to all, free of cost, under the NoMoreRansom initiative.
Should You Use This Free Decryptor?
The main issue in tackling a ransomware attack is recovering the data that the malware has encrypted. Victims can’t be sure of getting this data back even after paying the attackers.
There have already been numerous instances where the decryptor provided by the attackers failed to recover the data. This leaves the victims with nothing but a loss of important data as well as money.
That’s why, whenever new ransomware surfaces online, people from the cybersecurity community start working to find a legitimate, free solution to help the victims.
To date, numerous legitimate free decryptors have surfaced online from different researchers, for instance, the decryptors for ThiefQuest, LooCipher, GandCrab, and the ZQ Ransomware. These have worked well for victims, letting them recover their data without paying a fortune to the criminals.
Therefore, the victims of Lorenz ransomware may use the latest decryptor from Tesorion to recover their files. While it doesn’t yet guarantee a 100% data recovery, it might still help recover large amounts of data.