Bitdefender free decryptor for LockerGoga ransomware will help victims recover files
Bitdefender has published a free decryptor intended to help LockerGoga ransomware victims restore their files without having to pay a ransom.
The decryptor was developed thanks to a partnership with law enforcement agencies such as Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office and the Zürich Cantonal Police.
Most of the time, researchers are able to develop decryptors after they have identified vulnerabilities in the cryptography of the ransomware encryptor. Bitdefender's decryptor, however, was developed after the LockerGoga operators were arrested in October 2021; law enforcement must have obtained the private master keys, which are used to decrypt each victim's encryption keys.
The free tool is available for download from Bitdefender servers. The tool allows users to recover encrypted files by following instructions in the Bitdefender user manual.
Files encrypted by LockerGoga ransomware have the “.locked” filename extension and cannot be opened with normal software. The Bitdefender tool scans either a user's entire file system or a single folder, finds all the encrypted files and decrypts them automatically.
Bitdefender’s tool works only if the computer is connected to the internet, and the ransom notes, which are generated by the ransomware gang during the encryption process, must still be in their original paths. According to Bitdefender, the decryptor can work either on a single computer or on entire networks encrypted with LockerGoga.
The decryption process may be interrupted or may not work as expected, leaving users with corrupted files. To address this, the decryptor enables the “Backup Files” option by default, and users are advised to leave this setting enabled.
The sources for this piece include an article in BleepingComputer.