Cybersecurity researchers have released a decryption tool that allows victims of Lorenz ransomware to decrypt their files for free – and crucially, without the need to pay a ransom demand to cyber criminals.
This is particularly important for Lorenz, as a bug in the ransomware's code means that even if victims paid for the decryption key, some of the encrypted files can't be recovered.
But following analysis of the malware, researchers at Dutch cybersecurity company Tesorion found that they were able to engineer a decryption tool for Lorenz ransomware – and now it's available for free via No More Ransom.
No More Ransom is a joint project by law enforcement agencies including Europol's European Cybercrime Centre, along with partners across Europe in cybersecurity and academics, which aims to disrupt the business of ransomware gangs by providing decryption keys that allow victims to retrieve their files without paying a ransom.
The decryption tool for Lorenz ransomware is the 120th decryptor to be made available on No More Ransom since the project began in 2016.
Lorenz ransomware first emerged in April this year and those behind it have targeted organisations around the world.
The cyber criminals behind Lorenz steal data before encrypting it and attempt to use this as additional leverage in the attack by threatening to publish the stolen information if the ransom isn't paid. This double extortion technique has become common among the most successful ransomware operations.
Typically, the cyber criminals behind Lorenz demand a ransom of between $500,000 and $700,000 in bitcoin in exchange for the decryption key – but thanks to cybersecurity researchers at Tesorion and the No More Ransom initiative, those who fall victim to Lorenz can retrieve their files for free.
However, the best way for organisations to prevent disruption from a ransomware attack is to avoid falling victim to one in the first place by having a sound cybersecurity strategy.
Recommendations on how to achieve this from No More Ransom include regularly updating backups and storing them offline, so in the event of a ransomware attack, the data won't be destroyed by cyber criminals.
It's also recommended that organisations use robust antivirus software and keep all software and operating systems across the network up to date with the latest updates and security patches, so that cyber criminals can't exploit known vulnerabilities to gain access to the network and install ransomware.