
Emsisoft Releases the Third Decryptor in a Few Days, This Time for LooCipher Ransomware
Security experts at Emsisoft have released their third decryptor in a few days, this time a free one for the LooCipher ransomware.
A few days ago, the experts at Emsisoft released two free decryptors for the ZeroFucks ransomware and Ims00rry ransomware. Now the malware team has announced the release of a decryptor for the LooCipher ransomware.
Victims of the LooCipher ransomware don’t have to pay the ransom; they only need to download the decryptor from the link below:
LooCipher is a new threat that is spreading rapidly. Its functionality is straightforward yet effective, and common to many other ransomware families.
Recently, experts at Yoroi-Cybaze ZLab published a detailed analysis of the ransomware. The key findings of the analysis are below:
- The ransomware spreads using a weaponized Word document.
- The Command and Control is hosted on the TOR Network, at the following onion address “hxxp://hcwyo5rfapkytajg[.]onion”.
- The attackers leverage several Tor2Web proxy services to allow easy access to the Tor C2.
- The binary can work both as cryptor and decryptor.
- The C2 dynamically generates a different Bitcoin address for each infection.
“LooCipher encrypts the victim’s files using AES-128 ECB, and adds the extension “.lcphr”.” states Emsisoft.
“No ransom note file is left, but the malware does leave a screen telling the victim to make a BitCoin payment and then use the same malware to decrypt their files once payment is complete.”
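The findings above give defenders a network indicator to hunt for. The following added example (not code from Emsisoft, Yoroi-Cybaze ZLab or the original article) scans web proxy log lines for the C2 onion label, whether it is reached directly or through any Tor2Web proxy. The log format, client addresses and proxy domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Onion label of the C2 address reported in the article.
C2_ONION_LABEL = "hcwyo5rfapkytajg"

def refang(value):
    """Undo common defanging (hxxp, [.]) so the value parses as a URL."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

def host_of(value):
    """Return the lowercase hostname of a URL or a bare host[:port]."""
    value = refang(value)
    if "://" not in value:
        value = "//" + value          # let urlsplit treat it as a netloc
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:                # malformed field, nothing to match
        return ""

def is_c2_host(host):
    """Match the onion label only as a whole DNS label, under any suffix.

    This covers <label>.onion and Tor2Web-style names such as
    <label>.onion.<proxy> or <label>.<proxy>, without listing proxies.
    """
    return C2_ONION_LABEL in host.lower().split(".")

def find_c2_requests(log_lines):
    """Return (client, host) pairs for requests that target the C2.

    Assumed line format: timestamp client method url-or-host status
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue                  # skip truncated lines
        host = host_of(fields[3])
        if is_c2_host(host):
            hits.append((fields[1], host))
    return hits

# Constructed sample log; proxy.example is a placeholder proxy domain.
SAMPLE_LOG = [
    "2019-07-15T09:12:01Z 10.0.0.23 GET http://hcwyo5rfapkytajg.onion.proxy.example/ 200",
    "2019-07-15T09:12:05Z 10.0.0.23 CONNECT HCWYO5RFAPKYTAJG.proxy.example:443 200",
    "2019-07-15T09:13:10Z 10.0.0.41 GET http://www.example.com/?q=hcwyo5rfapkytajg 200",
    "2019-07-15T09:14:00Z 10.0.0.57 GET http://xhcwyo5rfapkytajg.example.net/ 200",
    "2019-07-15T09:15:00Z truncated",
]
```

Matching on the label alone avoids maintaining a list of Tor2Web proxy domains, and the whole-label comparison keeps search queries and look-alike hostnames from producing false positives.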

Emsisoft also published a detailed usage guide for its decryptor.
A couple of weeks ago, experts at Yoroi-Cybaze ZLab also released a free decryptor for the LooCipher ransomware.
Enjoy it!
This post Emsisoft Releases the Third Decryptor in a Few Days, This Time for LooCipher Ransomware originally appeared on Security Affairs.