Free Lorenz ransomware decryption tool helps victims recover stolen data

Lorenz is a human-operated ransomware that started operating in April 2021. Since then, 12 victims have had their information stolen and leaked. Lorenz ransomware's activity has been decreasing in recent times compared to other ransomware.

Free Lorenz ransomware decryption tool helps victims recover stolen data Picture 1

The Lorenz ransomware decryption tool can be downloaded from NoMoreRansome, allowing victims to recover some encrypted files.

Unlike other ransomware decryptors, which include a real decryption key, Tesorion's decrypter works and can only decrypt certain file types.

BleepingComputer quotes Tesorion expert Gijs Rijnders as saying that only common files will be decrypted: Office documents, PDF files, certain types of images and movie files. However, it still allows victims to recover important files.

As you can see below, the decoder can decode common file types, such as XLS and XLSX files, without any problems. However, it will not decode unknown file types or those with uncommon file structures.

Free Lorenz ransomware decryption tool helps victims recover stolen data Picture 2

In addition to providing a decrypter, Tesorion also provides detailed information on the encryption technique used by the Lorenz ransomware.

In a blog post, Rijnders explains that a bug in the encryption implementation can cause data to be lost, so the file is not decrypted even if the victim has paid the ransom.

"This error produces files that are multiples of 48 bytes in size, where the last element will be lost. Even if you obtain the decryptor of the ransomware attack, these bytes are still unrecoverable. " - Rijnders information.

David Pac

Update 30 June 2021