Free decryptor for LooCipher Ransomware has been released

• This free decryptor allows LooCipher victims to decrypt their encrypted files without the need for paying the ransom.
• This decryptor has been created by security researcher Michael Gillespie with assistance from Francesco Muroni.

Emsisoft has released a free decryption tool for the LooCipher ransomware. This decryptor has been created by security researcher Michael Gillespie with assistance from Francesco Muroni.

What is LooCipher?

LooCipher is a ransomware which is distributed via phishing emails that include malicious Word documents. Once executed, the ransomware encrypts a victim's data and appends the .lcphr extension to encrypted file's names.

How does it work?

If you’re a victim of LooCipher ransomware and still have the encrypted files with you, then download the decrypt_LooCipher.exe program and save it in your desktop.

• Once it is downloaded, run the program with administrative privileges in order to decrypt all the encrypted files.
• Once started, the program will ask you to select an encrypted file and the same file in its unencrypted form.
• If you do not have an encrypted/unencrypted pair, use the sample pictures found in the C:\Users\Public\Pictures\Sample Pictures folder. These images are commonly encrypted by ransomware and their unencrypted versions can easily be downloaded from another computer.
• Upon selecting the files, click on the Start button to start brute-forcing the decryption key.
• Once the decryption key has been found, it will pop-up an alert. Click ‘OK’ on the alert window and the decryptor will restart with the key loaded.
• Next, click on the ‘Decrypt’ button to start the decryption process.
• Then, the decryptor will scan the computer for encrypted files that end with the .lcphr extensions and automatically decrypt them.

The bottom line

This free decryptor allows LooCipher victims to decrypt their encrypted files without the need for paying the ransom.