Skip to content

newsoft/envoye-special-decryptor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
encrypted.lockon
encrypted.lockon
 
 
windowsdefender.bin
windowsdefender.bin
 
 

Repository files navigation

LockOn Decryptor

If you have watched Envoye Special on 14-DEC-2017, you might have noticed the following piece of ransomware used: 5691844cacd14051ddd92ae5e50b13cf.

This malware is non-functional (merely a test) ; it will only encrypt files under C:\testrw.

Nevertheless here is a decryption tool that might become handy:

  1. Checkout Program.cs
  2. Compile with C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Program.cs (requires .NET Framework 4.0).
  3. Locate windowsdefender.bin master key file (usually located in %TEMP%).
  4. Decrypt individual files, e.g. Program.exe encrypted.lockon.

PS. There is another weakness in the software, but this one was the most straightforward to exploit.

About

Ransomware decryption tool

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages