Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative.
The scheme was launched last year, with the goal of bringing law enforcement and private industry together to fight file-locking malware.
No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.
Now cybersecurity researchers at Avast Antivirus have added a decryption tool for LambdaLocker to the portal, allowing victims to retrieve their files without paying the 0.5 Bitcoin ($2,200) ransom that attackers demand in exchange for the cryptographic key.
LambdaLocker first appeared in January and uses a combination of AES-256 and SHA-256 ciphers to encrypt victims' files, making them inaccessible and adding the extension '.lambda_l0cked'.
But an error in the latest build of the ransomware has allowed Avast researchers to retrieve files.
"There was a bug in the cryptography implementation in the latest version of the LambdaLocker ransomware, which allowed us to decrypt the victims' files without paying the ransom," Ladislav Zezula, malware researcher at Avast, told ZDNet.
Like many forms of ransomware, it's distributed via spam emails. LambdaLocker is also reported to infect victims via game installers from hacked or malicious download sites and peer-to-peer networks.
Following infection, the victim is presented with a note demanding a ransom, complete with instructions on how to buy and use Bitcoin. The note -- which is in English and Chinese -- also demands victims pay within a month, or risk losing the encrypted files forever.
But, thanks to the release of the decryption tool, victims no longer need to worry about paying the ransom and can retrieve their files without lining the pockets of criminals. At least if they're attacked with a newer version of the ransomware, that is -- there's currently no decryption available tool for older versions.
"Unfortunately, the decryption is only working for the newer version of LambdaLocker, but not for older versions," said Zezula.
It's thought that more than 28,000 decryptions have taken place using No More Ransom tools, preventing millions of dollars from being paid to cybercriminals.
The collaboration between cybersecurity companies and law enforcement agencies is proving more popular than its creators ever expected.
Darren Thomson gives his tips for better enterprise security.
READ MORE ON RANSOMWARE
- Ransomware: The smart person's guide [TechRepublic]
- Petya ransomware: Free decryption tool released for the original versions of this nasty malware
- Europol, Intel and Kaspersky team up to crack down on ransomware [CNET]
- Ransomware: This free tool lets you decrypt files locked by a common version of the malware
- Tell Bart and other ransomware families to 'Eat my shorts' with new, free decryption tools