Locker Unlocker Download Link
Locker Unlocker will decrypt the files infected by "Locker v*" (you can tell if you have Locker if the splash screen has a padlock image on it with a orange BTC logo). The whole key database is included in the decrypter for now, which makes the tool a larger size (a whopping 70megs), sorry about that, It was just to get the tool out ASAP and will change soon.
The steps are as follows:
- Enter BitCoin Address (Make sure there is no spaces or other characters in your entry! It must only be your BTC Address!)
- Select your decryption method (List Decryption uses the list the virus created and is the most pratical and recommended method. Directory Decryption attempt to decrypt all files in a given directory. Be careful with this method as any non-encrypted files in the folder will be possibly corrupted. There is validation before decryption, but do not rely on it. If you use this method, copy the encrypted files to a new directory and select it.
- Select where either your list is (List Decryption Method) or where your Directory is (Directory Decryption)
- Remove Encrypted files - This option will prevent the tool from creating backups of the encrypted files next to the decrypted files. It is suggested you NOT enable this option the first run.
- Create Log - This will create a log of all successfully decrypted files and failed files on the desktop.
The pastebin message from the Locker developer is:
I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my
intention to release this.
I uploaded the database to mega.co.nz containing "bitcoin address, public key, private key" as CSV.
This is a dump of the complete database and most of the keys weren't even used.
All distribution of new keys has been stopped.
Automatic decryption will start on 2nd of june at midnight.
@devs, as you might be aware the private key is used in the RSACryptoServiceProvider class .net and
files are encrypted with AES-256 bit using the RijndaelManaged class.
This is the structure of the encrypted files:
- 32 bit integer, header length
- byte array, header (length is previous int)
*decrypt byte array using RSA & private key.
Decrypted byte array contains:
- 32 bit integer, IV length
- byte array, IV (length is in previous int)
- 32 bit integer, key length
- byte array, Key (length is in previous int)
- rest of the data is the actual file which can be decrypted using Rijndaelmanaged and the IV and Key
Again sorry for all the trouble.