Dutch company Tesorion has released a free decryptor for data affected by Lorenz ransomware attacks. Now some files can be recovered for free, without paying the ransom.
Lorenz ransomware has been “operational” since April 2021 and attacks only corporate targets. During this time, its operators' website has published the data of twelve victims whose information was stolen by the hackers. According to cybersecurity researchers, the ransomware code is based on the code of the old ThunderCrypt and SZ40 malware families.
The decoder created by Tesorion can be downloaded from the No More Ransom website. Unlike similar tools, which usually work with the actual decryption key, this decryptor works differently and will only help you recover certain types of files. In particular, it can decrypt files with a well-known structure, including Office documents, PDF files, and some types of images and movies. Unfortunately, the Tesorion decryptor cannot cope with files of unknown types or with an unusual structure.
The researchers also published information on the encryption technique that Lorenz uses. The company’s blog says that an error was discovered in the hackers’ code that could lead to data loss and prevent files from being decrypted, even if the ransom was paid to the attackers.
“As a result of this error, for every file that is a multiple of 48 bytes, the last 48 bytes are lost. Even if you managed to get a decoder from the malware authors, these bytes can no longer be recovered,” the experts explain.