Big and good news for the start of the week: if your computer has been infected with PyLocky ransomware, all you have to do to resolve the problem is use the new free ransomware decryption tool that has just been released.
Cybersecurity researchers have just released a free decryption tool that decrypts all the files encrypted by the PyLocky ransomware.
There is a catch, however: the decryption tool works only if the victim captured the network traffic (a PCAP file) that was first exchanged between the PyLocky ransomware and its command-and-control (C&C) server.
The PCAP file is a must-have because it contains a string that includes both the Initialization Vector (IV) and the password, which the ransomware generates randomly to encrypt the files.
Sadly, if the initial C2 traffic was not captured, the decryption tool will not be able to recover the files, because it lacks the initial callout the malware used in the encryption process.
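As an added illustration (not part of the original article or of the released decryptor), the Python script below walks a classic PCAP file with only the standard library and reports whether any captured packet carries a callout with an IV and a password, which is the first thing a victim should check before trying the tool. The `iv=`/`psw=` field names and the sample beacon are constructed assumptions for this demo, not PyLocky's real C2 format.

```python
import re
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian host wrote it
PCAP_MAGIC_BE = 0xD4C3B2A1  # same magic as seen when the file is big-endian
PCAP_GLOBAL_HEADER_LEN = 24
PCAP_RECORD_HEADER_LEN = 16

# Hypothetical callout fields (assumption for this demo, not PyLocky's actual format).
KEY_MATERIAL_RE = re.compile(rb"iv=(?P<iv>[A-Za-z0-9+/=]+)&psw=(?P<psw>[^&\s]+)")


def build_sample_pcap(payload: bytes) -> bytes:
    """Wrap one raw payload in a minimal pcap (global header + one record).
    Link type 147 (LINKTYPE_USER0) so no Ethernet/IP/TCP headers are needed here."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 147)
    record = struct.pack("<IIII", 0, 0, len(payload), len(payload))
    return header + record + payload


def iter_packets(data: bytes):
    """Yield the captured bytes of each record in a classic pcap buffer (not pcapng)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    offset = PCAP_GLOBAL_HEADER_LEN
    while offset + PCAP_RECORD_HEADER_LEN <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += PCAP_RECORD_HEADER_LEN
        yield data[offset:offset + incl_len]
        offset += incl_len


def find_key_material(pcap_bytes: bytes):
    """Return (iv, password) from the first packet carrying the callout, or None
    when the capture never recorded it (the case in which the decryptor cannot help)."""
    for packet in iter_packets(pcap_bytes):
        match = KEY_MATERIAL_RE.search(packet)
        if match:
            return match.group("iv").decode(), match.group("psw").decode()
    return None


if __name__ == "__main__":
    # Constructed beacon: an HTTP POST body carrying the assumed iv/psw fields.
    sample = build_sample_pcap(b"POST /beacon HTTP/1.1\r\n\r\npcname=LAB&iv=QUJDREVGR0g=&psw=s3cr3t")
    print(find_key_material(sample))  # ('QUJDREVGR0g=', 's3cr3t')
```

On a real capture, read the file with `open(path, "rb").read()` and pass it to `find_key_material`; a `None` result means the callout was not recorded.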
Remember: everything can be hacked. To stay away from cyber threats, we recommend installing an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS it is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network, including penetration testing and ethical hacking tests.
For those who don't know, PyLocky ransomware was first spotted spreading through spam emails, like most malware campaigns. PyLocky is a sneaky one: to avoid detection by sandbox security software, it sleeps for 999,999 seconds if the affected system's total memory size is less than 4 GB.
During malware analysis, the cybersecurity researchers discovered that it is written in Python and packaged with PyInstaller. PyLocky's modus operandi is as follows: it first converts each file to base64, then uses a randomly generated Initialization Vector (IV) and password to encrypt all the files on the infected computer.
If you are a victim and your files get encrypted, PyLocky displays a ransom note claiming to be a variant of the well-known Locky ransomware and demands a ransom in cryptocurrency to "restore" the files.
PyLocky has affected countries in Europe, particularly France and Italy, but it has also targeted Korea.
You can download the PyLocky ransomware decryption tool for Windows from GitHub for free.
How to stay safe from ransomware cyberattacks
Keep an eye out for phishing emails! Always be suspicious of unknown documents sent by email, and never click on links inside those documents without first verifying the source.
Always back up your device! Keep a good backup routine and store the backup files on an external storage device that is not permanently connected to your PC.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks and follow the protection advice given above: an antivirus on every device, and annual penetration testing and ethical hacking tests for company networks.