A free decryptor for Fileslocker ransomware has been created after the leaking of the master key for the ransomware on Pastebin.
The master key is the key utilized by threat actors to decrypt files that have been encoded by the ransomware. The post was generated on December 29, 2018, and states that the master key, which decrypts the secret key, is “relevant to V1, V2 version” and that the poster is “waiting for safety personnel to create decryption tools.”
A free decryptor for Fileslocker ransomware was created by Michael Gillespie, the inventor of MalwareHunterTeams’ ID Ransomware – A tool that can be utilized to decide what ransomware variation has been utilized to encrypt files.
Interestingly, a new Christmas-themed type of Fileslocker ransomware was released in late December which encrypted files and modified the Desktop wallpaper to a Christmassy background. Moreover, the browser on an infected appliance was opened and the Pastebin decryption key was shown.
In order for the free decryptor for Fileslocker ransomware to operate, a victim should upload the ransomware note from the Desktop. The ransom note has the encrypted decryption key, which is unlocked using the newly developed master key-based decryptor.
Filerlocker ransomware is a ransomware-as-a-service offering that is typically distributed by partners who get a cut of the profits from any ransom payments they make from distributing the ransomware. What is not understood is why the master key was released.
The Pastebin posting provides a hint. It finishes with the expression “The end is just the beginning,” which indicates that Fileslocker ransomware is no more and the group at the rear of the ransomware is moving on to other tasks. This is not unusual. When ransomware variations are retired, the master keys are often issued online. What the threat group moves onto subsequent is anyone’s guess, but for now, at least, any persons who are infected with Fileslocker ransomware will be able to decrypt their files for free of charge.