- I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my
- intention to release this.
- I uploaded the database to mega.co.nz containing "bitcoin address, public key, private key" as CSV.
- This is a dump of the complete database and most of the keys weren't even used.
- All distribution of new keys has been stopped.
- Automatic decryption will start on 2nd of june at midnight.
- @devs, as you might be aware the private key is used in the RSACryptoServiceProvider class .net and
- files are encrypted with AES-256 bit using the RijndaelManaged class.
- This is the structure of the encrypted files:
- - 32 bit integer, header length
- - byte array, header (length is previous int)
- *decrypt byte array using RSA & private key.
- Decrypted byte array contains:
- - 32 bit integer, IV length
- - byte array, IV (length is in previous int)
- - 32 bit integer, key length
- - byte array, Key (length is in previous int)
- - rest of the data is the actual file which can be decrypted using Rijndaelmanaged and the IV and Key
- Again sorry for all the trouble.
- Poka BrightMinds
- ~ V
Locker database release
a guest May 30th, 2015 36,497 Never
RAW Paste Data