LambdaLocker ransomware victim? Now you can decrypt your files for free

As part of the No More Ransom initiative, Avast Antivirus has released a tool that decrypts files locked by LambdaLocker ransomware.
Written by Danny Palmer, Senior Writer

Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative.

The scheme was launched last year, with the goal of bringing law enforcement and private industry together to fight file-locking malware.

No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.

Now cybersecurity researchers at Avast Antivirus have added a decryption tool for LambdaLocker to the portal, allowing victims to retrieve their files without paying the 0.5 Bitcoin ($2,200) ransom that attackers demand in exchange for the cryptographic key.

LambdaLocker first appeared in January and uses a combination of the AES-256 and SHA-256 algorithms to encrypt victims' files, making them inaccessible and adding the extension '.lambda_l0cked'.

But an error in the latest build of the ransomware has allowed Avast researchers to retrieve files.

"There was a bug in the cryptography implementation in the latest version of the LambdaLocker ransomware, which allowed us to decrypt the victims' files without paying the ransom," Ladislav Zezula, malware researcher at Avast, told ZDNet.

Like many forms of ransomware, it's distributed via spam emails. LambdaLocker is also reported to infect victims via game installers from hacked or malicious download sites and peer-to-peer networks.

Following infection, the victim is presented with a note demanding a ransom, complete with instructions on how to buy and use Bitcoin. The note -- which is in English and Chinese -- also demands victims pay within a month, or risk losing the encrypted files forever.

But, thanks to the release of the decryption tool, victims no longer need to worry about paying the ransom and can retrieve their files without lining the pockets of criminals. At least if they're attacked with a newer version of the ransomware, that is -- there's currently no decryption tool available for older versions.

"Unfortunately, the decryption is only working for the newer version of LambdaLocker, but not for older versions," said Zezula.

It's thought that more than 28,000 decryptions have taken place using No More Ransom tools, preventing millions of dollars from being paid to cybercriminals.
