Security experts at Emsisoft released the third
decryptor in a few days, this time announced a free one for the LooCipher ransomware.
A few days ago, the experts at Emsisoft released two free
Victims of the LooCipher ransomware don’t have to pay the ransom, they only need to download the decryptor from the link below:
- The ransomware spreads using weaponized Word document.
- The Command and Control is hosted on the TOR Network, at the following onion address “hxxp://hcwyo5rfapkytajg[.]onion” .
- The attackers leverage several Tor2Web proxy services to easily allow the access to the Tor C2.
- The binary can work both as cryptor and decryptor.
- The C2 dynamically generates a different Bitcoin address for each infection.
“No ransom note file is left, but the malware does leave a screen telling the victim to make a BitCoin payment and then use the same malware to decrypt their files once payment is complete.”
A couple of weeks ago experts at
The post Emsisoft releases the third decryptor in a few days, this time for LooCipher ransomware appeared first on Security Affairs.