{ "id": "9273d6a4-79ee-441d-afe7-61da34f290aa", "created_at": "2026-04-06T00:06:32.793988Z", "updated_at": "2026-04-10T03:21:18.07139Z", "deleted_at": null, "sha1_hash": "fb0fb8258cbbcfba5469a752541be3699af4f58e", "title": "pyLocky Decryptor Released by French Authorities", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1584465, "plain_text": "pyLocky Decryptor Released by French Authorities\r\nBy Lawrence Abrams\r\nPublished: 2019-06-13 · Archived: 2026-04-05 18:15:15 UTC\r\nA decryptor for pyLocky Ransomware versions 1 and 2 has been released by French authorities that allows victim to decrypt\r\ntheir files for free.\r\nAccording to a post by the French Ministry of Interior,  this decryptor was created in collaboration between French law\r\nenforcement, the French Homeland Security Information Technology and Systems Service, and volunteer researchers.\r\n\"This tool is a result of a collaboration among the agencies of the french Ministry of Interior, including first the Brigade\r\nd’enquêtes sur les fraudes aux technologies de l’information  (BEFTI) of the Direction régionale de la police judiciaire de\r\nParis, on the basis of technical elements gathered during its investigations and the collaboration with volunteer researchers.\r\nThose elements allowed the Service des technologies et des systèmes d’information de la sécurité intérieure ST(SI)², part of\r\nthe Gendarmerie nationale, to create that software.\"\r\nhttps://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nWhile pyLocky has not seen a wide distribution, the post by the French Ministry of Interior states it is more active in\r\nEurope.\r\n\"PyLocky is very active in Europe and there are already many victims in France, both within the professional environment\r\n(SMEs, large businesses, associations, etc.) as well as at home.\"\r\nGetting the pyLocky Decryptor\r\nThe pyLocky decryptor will decrypt files encrypted by version 1 and 2 of the ransomware. Supported encrypted file\r\nextensions for version 1 are .lockedfile or .lockymap and version 2 is .locky.\r\nFor those who were encrypted, you can download the pyLocky Decryptor from the following link.\r\nTo use this decryptor, victims will need to have the Java Runtime installed. Once installed, victims can double-click on\r\nthe PyLocky_Decryptor_V1_V2.jar file to launch the decryptor.\r\nInstructions on how to use the decryptor are included in the downloaded zip file or can be read online.\r\nPossible Command \u0026 Control server takeover\r\nThe pyLocker Ransomware utilizes Command \u0026 Control servers on the Tor network. These Tor servers are provided in the\r\nransom notes created on a victim's computer as shown below.\r\nhttps://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nPage 3 of 5\n\npyLocky Ransom Note\r\nBased on analysis by Michael Gillespie, the decryptor contains 2 hard coded private RSA keys.\r\nThis could mean that French law enforcement or security researchers were able to gain access to a command and control\r\nserver and retrieve the master private encryption keys for versions 1 and 2 of the ransomware.\r\nIt would also indicate that this is not a flaw in the encryption algorithm used by the ransomware.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nPage 4 of 5\n\nSource: https://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nhttps://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/" ], "report_names": [ "pylocky-decryptor-released-by-french-authorities" ], "threat_actors": [], "ts_created_at": 1775433992, "ts_updated_at": 1775791278, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/fb0fb8258cbbcfba5469a752541be3699af4f58e.pdf", "text": "https://archive.orkl.eu/fb0fb8258cbbcfba5469a752541be3699af4f58e.txt", "img": "https://archive.orkl.eu/fb0fb8258cbbcfba5469a752541be3699af4f58e.jpg" } }