As part of the No More Ransom initiative, Avast Antivirus have released a tool that decrypts files locked by LambdaLocker ransomware.
Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative.
The scheme was launched last year, with the goal of bringing law enforcement and private industry together to fight the file-locking malware.
No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.
Now cyber security researchers at Avast Antivirus have added a decryption tool for LambdaLocker to the portal, allowing victims to retrieve their files without paying the 0.5 Bitcoin [$2,200] ransom that attackers demand in exchange for the cryptographic key.
LambdaLocker first appeared in January and uses a combination of AES-256 encryption and SHA-256 hashing to lock victims’ files, making them inaccessible and adding the extension ‘.lambda_l0cked’.
But an error in the latest build of the ransomware has allowed Avast researchers to retrieve files.
“There was a bug in the cryptography implementation in the latest version of the LambdaLocker ransomware, which allowed us to decrypt the victims’ files without paying the ransom,” Ladislav Zezula, Malware Researcher at Avast, told ZDNet.
Like many forms of ransomware, LambdaLocker is distributed via spam emails. It is also reported to infect victims via game installers from hacked or malicious download sites and peer-to-peer networks.
Following infection, the victim is presented with a note demanding the ransom, complete with instructions on how to buy and use Bitcoin. The note – which is in English and Chinese – also demands victims pay within a month, or risk losing the encrypted files forever.
But thanks to the release of the decryption tool, victims no longer need to worry about paying the ransom and can retrieve their files without lining the pockets of criminals. At least if they’re attacked with a newer version of the ransomware – there’s currently no decryption tool available for older versions.
“Unfortunately, the decryption is only working for the newer version of LambdaLocker, but not for older versions,” said Zezula.
It’s thought that more than 28,000 decryptions have taken place using No More Ransom tools, preventing millions of dollars from being paid to cybercriminals.