{
	"id": "975f20f3-8c98-42e8-8c36-44986f0041b2",
	"created_at": "2026-04-06T01:30:19.315344Z",
	"updated_at": "2026-04-10T03:20:44.182317Z",
	"deleted_at": null,
	"sha1_hash": "a385565205d5610e48cef316cf6f1dc4751d83ec",
	"title": "Free decrypter available for Lorenz ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 127078,
	"plain_text": "Free decrypter available for Lorenz ransomware\r\nBy Catalin Cimpanu\r\nPublished: 2023-01-18 · Archived: 2026-04-06 01:15:58 UTC\r\nDutch cybersecurity firm Tesorion has released today a free application that can help victims of the new Lorenz\r\nransomware to recover encrypted files without paying the ransom.\r\nThe decrypter was announced in a blog post last week and officially released and added to the NoMoreRansom\r\nproject earlier today.\r\nAccording to a technical report authored by Tesorion security researcher Gijs Rijnders, the Lorenz ransomware\r\nencryption process contains a bug where files that have a size that is a multiple of 48 bytes are permanently\r\ndestroyed during encryption as the last 48 bytes are not written to the encrypted file and are permanently lost.\r\n\"Even if you managed to obtain a decryptor from the malware authors, these bytes cannot be recovered,\" Rijnders\r\nexplained.\r\n\"Based on our analysis of the Lorenz ransomware we have come to the conclusion that we can decrypt (non-corrupted) affected files in some cases without paying the ransom,\" the Tesorion researcher said.\r\n\"Supported file types include Microsoft Office documents, PDF files and some image and movie types,\" he added.\r\nRijnders said the decrypter is not universal and will work only \"in some cases.\" However, this is more of a chance\r\nthan many Lorenz victims have at recovering their files without paying hundreds of thousands of US dollars to the\r\nLorenz gang.\r\nhttps://therecord.media/free-decrypter-available-for-lorenz-ransomware/\n\nThe Lorenz ransomware was first seen in attacks that took place this spring, and according to security researchers,\r\nthe ransomware's code appears to have evolved from the old ThunderCrypt and SZ40 families.\r\nIn its most recent incarnation, Lorenz has been used exclusively in attacks carried out against enterprise targets.\r\nJust like similar \"big-game hunting\" ransomware 
operations, the Lorenz gang also runs a leak site on the dark web\r\nwhere it publishes data from victims who refuse to pay. Thirteen victims have been listed on this site so far.\r\nSource: https://therecord.media/free-decrypter-available-for-lorenz-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://therecord.media/free-decrypter-available-for-lorenz-ransomware/"
	],
	"report_names": [
		"free-decrypter-available-for-lorenz-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775439019,
	"ts_updated_at": 1775791244,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a385565205d5610e48cef316cf6f1dc4751d83ec.pdf",
		"text": "https://archive.orkl.eu/a385565205d5610e48cef316cf6f1dc4751d83ec.txt",
		"img": "https://archive.orkl.eu/a385565205d5610e48cef316cf6f1dc4751d83ec.jpg"
	}
}