Cisco researchers release PyLocky ransomware decryption tool

If you have had the misfortune of being infected by the PyLocky ransomware, there has until now been no tool that can decrypt your files. Even the free PyLocky decryption tool described in this article may not help you, because it has a demanding prerequisite: it only works if the user captured the initial network traffic (a .PCAP file) between the ransomware and its remote server, from which the tool can extract the key.

Cisco researchers found that after PyLocky encrypts the victim's files, it sends a variety of information, including the key, to its command-and-control server. If the user captured PyLocky's initial traffic, the key can be extracted from it, but almost nobody keeps a continuous traffic capture. Cisco's researchers say that without PyLocky's initial traffic, the tool cannot obtain the key or decrypt the files.

Cisco noted that although this PyLocky decryption tool will not help most users, such a limitation is common for ransomware decryption tools.

The researchers explain: "if the initial C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected machine. This is because the initial callout is used by the malware to send the C2 servers information that it uses in the encryption process." You can download the PyLocky ransomware decryption tool from GitHub.
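The quoted explanation is the whole reason the tool has a prerequisite: key material leaves the host in the first C2 callout, so it survives only in a capture that already existed at that moment. The script below, an added illustration that is not Cisco's decryptor and does not reproduce PyLocky's actual protocol, shows the defender's side of that idea. It builds a small libpcap file in memory (constructed sample traffic), walks its Ethernet/IPv4/TCP framing, and pulls a hypothetical `key` field out of the first plaintext HTTP POST sent to a hypothetical C2 host. The host name `c2.example.invalid`, the `/callout` path, and the field names `machine` and `key` are all assumptions made for the example.

```python
"""Added example: recover a key field from a captured C2 callout.

Not Cisco's tool and not PyLocky's real protocol. The capture, host name,
URL path and form field names below are constructed for illustration.
"""
import socket
import struct
from urllib.parse import parse_qs

C2_HOST = "c2.example.invalid"                       # hypothetical C2 host
SAMPLE_KEY = "0123456789abcdef0123456789abcdef"      # constructed sample value


def build_frame(payload, src_ip, dst_ip, sport, dport):
    """Wrap a TCP payload in Ethernet/IPv4/TCP headers.
    Checksums are left zero; the parser below never verifies them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip


def build_pcap(frames):
    """Serialise frames as a little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def http_post(host, body):
    """Constructed plaintext HTTP POST used as the hypothetical callout."""
    return (b"POST /callout HTTP/1.1\r\nHost: " + host.encode()
            + b"\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed capture: one unrelated web request, then the hypothetical callout.
CALLOUT_BODY = b"machine=WORKSTATION-01&key=" + SAMPLE_KEY.encode()
SAMPLE_PCAP = build_pcap([
    build_frame(b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                "10.0.0.5", "198.51.100.7", 49151, 80),
    build_frame(http_post(C2_HOST, CALLOUT_BODY), "10.0.0.5", "203.0.113.10", 49152, 80),
])


def iter_tcp_payloads(pcap):
    """Yield (src_ip, sport, dst_ip, dport, payload) for every TCP segment
    carrying data in a classic libpcap file captured on Ethernet."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                                  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:
            continue                                  # not TCP
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            yield src, sport, dst, dport, payload


def extract_key_from_callout(pcap, c2_host, field="key"):
    """Return `field` from the first HTTP POST addressed to c2_host,
    or None when the capture does not contain that callout at all."""
    for _src, _sport, _dst, _dport, payload in iter_tcp_payloads(pcap):
        if not payload.startswith(b"POST "):
            continue
        head, _sep, body = payload.partition(b"\r\n\r\n")
        host = None
        for line in head.split(b"\r\n")[1:]:          # skip the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip().decode("ascii", "replace")
        if host != c2_host:
            continue
        fields = parse_qs(body.decode("ascii", "replace"))
        if field in fields:
            return fields[field][0]
    return None


if __name__ == "__main__":
    print(extract_key_from_callout(SAMPLE_PCAP, C2_HOST))     # the constructed key
    print(extract_key_from_callout(build_pcap([]), C2_HOST))  # None: no callout captured
```

The second call in the usage block is the realistic case: a capture started after the infection contains no callout and yields nothing, which is exactly the limitation the Cisco researchers describe. The example also assumes the callout is unencrypted HTTP; a TLS-wrapped callout would need the session keys as well, so the value of a capture depends on what the capture retains.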

The most important thing users can do is back up their important files regularly; otherwise an infection by ransomware such as PyLocky will be very painful. In practice, many users only think about backups after they encounter ransomware, by which time it is too late to restore files that have already been encrypted. For enterprise users in particular, ransomware is a disaster in itself.