Lorenz ransomware attack victims can now recover files with this free decryption tool

The Lorenz ransomware decryptor is the 120th ransomware decryption tool released for free as part of Europol's No More Ransom project.
Written by Danny Palmer, Senior Writer

Cybersecurity researchers have released a decryption tool that allows victims of Lorenz ransomware to decrypt their files for free – and crucially, without the need to pay a ransom demand to cyber criminals. 

This is particularly important for Lorenz, as a bug in the ransomware's code means that even if victims paid for the decryption key, some of the encrypted files can't be recovered. 

But following analysis of the malware, researchers at Dutch cybersecurity company Tesorion found that were able to engineer a decryption tool for Lorenz ransomware – and now it's available for free via No More Ransom

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

No More Ransom is a joint project by law enforcement agencies including Europol's European Cybercrime Centre, along with partners across Europe in cybersecurity and academics, which aims to disrupt the business of ransomware gangs by providing decryption keys that allow victims to retrieve their files without paying a ransom. 

The decryption key for Lorenz ransomware is the 120th decryptor to be made available on No More Ransom since the project began in 2016

Lorenz ransomware first emerged in April this year and those behind it have targeted organisations around the world.   

The cyber criminals behind Lorenz steal data before encrypting it and attempt to use this as additional leverage in the attack by threatening to publish the stolen information if the ransom isn't paid. This double extortion technique has become common among the most successful ransomware operations. 

Typically, the cyber criminals behind Lorenz demand a ransom of between $500,000 and $700,000 in bitcoin in exchange for the decryption key – but thanks to cybersecurity researchers at Tesorion and the No More Ransom initiative, those who fall victim to Lorenz can retrieve their files for free. 

However, the best way for organisations to prevent disruption from a ransomware attack is to avoid falling victim to one in the first place by having a sound cybersecurity strategy. 

SEE: Ransomware: Paying up won't stop you from getting hit again, says cybersecurity chief

Recommendations on how to achieve this from No More Ransom include regularly updating backups and storing them offline, so in the event of a ransomware attack, the data won't be destroyed by cyber criminals. 

It's also recommended that organisations use robust antivirus software and that all software and operating systems across the network are up to date with the latest updates and security patches so that cyber criminals can't exploit known vulnerabilities to gain access to the network to install ransomware. 


Editorial standards