Computers infected by the Locker crypto-ransomware were decrypted on 03rd June as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware. The infected computers were decrypted for free. Any machines that have removed the malware can use a tool posted to the site over the weekend to decrypt their files. A database containing the Bitcoin address where payments were to be made along with public and private keys was uploaded over the weekend to mega.co.nz in a CSV file, a post to Pastebin from the alleged author says. Details on the structure of the encrypted files were also provided. This is a dump of the complete database and most of the keys were not even used. All distribution of new keys has been stopped. The post also promised that automatic decryption of any infected computers was to begin at midnight today. Locker targets Windows machines and targets a slew of file types, including .doc, .docx, .xlsx, .ppt, .wmdb, .ai, .jpg, .psd, .nef, .odf, .raw, .pem, .rtf, .raf, .dbf, .header, .wmdb, .odb, .dbf.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street