Security News LockCrypt ransomware decryption tool released by Bitdefender

vtqhtr413

The notorious LockCrypt virus operates as several different variants and encrypts data, appending different file extensions. One of those versions uses the .1btc appendix and is now decryptable, as the security team from Bitdefender released an official decoder that can be used to recover all personal data safely. You can download it from the official website.
Unfortunately, the .1btc extension was used for an older version of the virus that was active between February and May 2018, and hackers have already moved on to a new variant – it locks files by appending the .bi_d extension, and there is no known method to recover data that is affected.

LockCrypt was first spotted in the middle of 2017 and focused on various businesses. The primary distribution tactic used by hackers was brute-force attacks on Remote Desktop Services, i.e., weak passwords were merely guessed by attackers. The attackers then installed crypto-malware manually and spread it to networked computers. After infiltration and malicious code execution, victims could see a text file on their desktop and inside every folder which contained encrypted data. Ransom notes used one of the following names:

  • ReadMe.txt
  • Restore Files.txt
  • How To Restore Files.txt

Apart from the now decryptable version, LockCrypt also used .lock (used upon initial release), .2018, and .mich extensions. Despite not having an official decryptor, users could contact Michael Gillespie for file recovery. As of now, the only variant that cannot be decoded remains .bi_d. There is not much known about the attackers themselves, apart from a couple of things. The Command & Control server used is located in Iran. Security experts also speculated that the same hacker group was responsible for previously distributing Satan ransomware.

Full article LockCrypt ransomware decryption tool released by Bitdefender
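
The indicators listed in the post (ransom note names and appended extensions) can be turned into a quick triage pass over a file share. The following is an added example, not part of the original post or of Bitdefender's tool; the function names and the sample folder tree are constructed for illustration, and the recovery statuses are only those the post states.

```python
import os
import tempfile

# Extension -> recovery status, exactly as the post above states it.
VARIANTS = {
    ".1btc": "decryptable with the Bitdefender tool",
    ".lock": "no official decryptor",
    ".2018": "no official decryptor",
    ".mich": "no official decryptor",
    ".bi_d": "no known recovery method",
}
NOTE_NAMES = {"readme.txt", "restore files.txt", "how to restore files.txt"}

def triage(root):
    """Map each folder (relative to root) holding BOTH a ransom note and
    files with a LockCrypt extension to {extension: file count}."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        counts = {}
        for name in names:
            for ext in VARIANTS:
                if name.endswith(ext):
                    counts[ext] = counts.get(ext, 0) + 1
        # ReadMe.txt and *.lock are common on clean systems, so a
        # folder is reported only when the two indicators co-occur.
        if counts and NOTE_NAMES.intersection(names):
            findings[os.path.relpath(folder, root)] = counts
    return findings

def recovery_status(findings):
    """Collapse per-folder findings to {extension: status from the post}."""
    seen = {ext for counts in findings.values() for ext in counts}
    return {ext: VARIANTS[ext] for ext in sorted(seen)}

def demo():
    """Run triage over a constructed sample tree (not real incident data)."""
    sample = {
        "finance": ["q1.xlsx.1btc", "q2.xlsx.1btc", "ReadMe.txt"],
        "hr": ["staff.docx.bi_d", "How To Restore Files.txt"],
        "src": ["yarn.lock", "main.py"],   # extension only: ignored
        "docs": ["ReadMe.txt"],            # note name only: ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, files in sample.items():
            os.makedirs(os.path.join(root, folder))
            for name in files:
                open(os.path.join(root, folder, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    hits = demo()
    print(hits)
    print(recovery_status(hits))
```

The co-occurrence rule is a heuristic: it cuts false positives from ordinary `ReadMe.txt` and `.lock` files but does not confirm infection, so flagged folders still need manual review.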
 
