Awesome
LockOn Decryptor
If you have watched Envoye Special on 14-DEC-2017, you might have noticed the following piece of ransomware used: 5691844cacd14051ddd92ae5e50b13cf.
This malware is non-functional (merely a test) ; it will only encrypt files under C:\testrw
.
Nevertheless here is a decryption tool that might become handy:
- Checkout
Program.cs
- Compile with
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Program.cs
(requires .NET Framework 4.0). - Locate
windowsdefender.bin
master key file (usually located in%TEMP%
). - Decrypt individual files, e.g.
Program.exe encrypted.lockon
.
PS. There is another weakness in the software, but this one was the most straightforward to exploit.