French authorities released the PyLocky decryptor for versions 1 and 2

by / Friday, 14 June 2019 / Published in Hacking

0 Shares

Good news for the victims of the pyLocky Ransomware versions 1 and 2, French authorities have released the pyLocky decryptor to decrypt the files for free.

French authorities have released a decryptor for pyLocky Ransomware versions 1 and 2. The decryptor allows victims to decrypt their files for free. It was developed in collaboration between French law enforcement, the French Homeland Security Information Technology, and Systems Service, along with independent and volunteer researchers.

“PyLocky is very active in France, both within the professional environment (SMEs, large businesses, associations, etc.) as well as at home. This tool is a result of a collaborative Among the agencies of the french Ministry of Interior, Including the first Brigade of fraud investigations in information technology (BEFTI) of the Regional Directorate of the Judicial Police of Paris , on the of technical elements gathered during its investigations and collaboration with volunteer researchers.” reads the post published by the French Ministry of Interior states it is more active in Europe.

“Those elements allowed the Homeland Security Information Technology and Systems Service ST (SI) ², part of the National Gendarmerie , to create that software.”

French Ministry of Interior pointed out that the ransomware hit many people in Europe, especially SMBs, large businesses, associations.

The pyLocky decryptor allows to decrypt file for version 1 (filenames having the .lockedfile or .lockymap extensions) and version 2 ( extensions .locky).

The pyLocky Decryptor could be downloaded from the following link:

https://www.cybermalveillance.gouv.fr/wp-content/uploads/2019/02/PyLocky_Decryptor_V1_V2.zip

The decryptor has as pre-requisite the installation of the Java Runtime.

“This software decrypts the encryption of files with the extension .lockedfile or .lockymap and version 2 (encrypted files with the .locky extension) of PyLocky.” continues the report. “It requires a computer running the operating system Microsoft Windows 7 or higher and the execution environment Java JRE (Java Runtime Environment) version 8.”

The malware researcher Michael Gillespie analyzed the decryptor and noticed the presence of 2 hardcoded private RSA keys that were likely obtained by French police from the access to the C2 server hosted on the Tor network.

Let me remind you that the decryptor doesn’t clean the infected systems.

Pierluigi Paganini

(SecurityAffairs – pyLocky Decryptor, malware)

The post French authorities released the PyLocky decryptor for versions 1 and 2 appeared first on Security Affairs.

Security Affairs

0 Shares

Tagged under: authorities, Decryptor, French, PyLocky, released, Versions

## Are you looking for products for hacking, computer security and penetration testing? Do you need to clean up your smartphone, your PC or your site from viruses and malware? Do you need to track down someone or retrieve urgent information? Do you want to buy devices already configured to experiment all the hacking techniques quickly and easily? Do you have special needs in software or hardware? ##

Contact us now … another 2300 users like you have already done it this year!

Click here now!