Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor


January 10, 2019 - 0 Comments

PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before demanding that the user pay a ransom to gain access to their decrypted files. To combat this ransomware, Cisco Talos is releasing a free decryption tool. Because our tool requires the capturing of the initial PyLocky command and control (C2) traffic of an infected machine, it will only work to recover the files on an infected machine where network traffic has been monitored. If the initial C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected machine. This is because the initial callout is used by the malware to send the C2 servers information that it uses in the encryption process. 

For more information, check out the full post here.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.