Menu

PyLocky Ransomware Decryption Tool Release, Unlock Files For Free

January 13, 2019 - Cyber Security
PyLocky Ransomware Decryption Tool Release, Unlock Files For Free


If your device has infected with PyLocky Ransomware and you are finding a free Ranware decryption tool to unlock or decrypt your data, then your search may end.

A security researcher Mike Bautista has released a free decryption tool at Cisco’s Talos Cyber ​​Intelligence Unit which decrypt’s the ransomware ercryption.

The decryption tool makes it possible for the victim to unlock their encrypted files in order to get rid of the infected pixel ransomware.


The decryption tool works for everyone, but there is a sufficient limit to successfully recover your files, which is you must have previously captured Network Traffic (PCAP file) between PyLocky ransomware and its command-and-control (C2) server , Which usually nobody fixes.                                       
Because the outbound connection- while the ransomware communicates with its C2 server and presents the information related to the decryption key – there is a string in which both the initial vector and a password are included, which are randomized to encrypt the ransomware data.

“If the first C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected system. This is because the opening callout is used by the malware to send the C2 server”s information that it uses in the encryption process,” the researcher explained.

The first time seen in the Trend Micro by the researcher in July last year, PyLocky ransomware spreads via spam email, like most malware campaigns. It designed to force victims to run the PyLocky’s malicious codes.

To avoid detection by Sandbox security software, PyLocky Ransomware sleeps for 999.999 seconds – or just in 11 and one and a half days – if the total visual memory size of the affected system is less than 4GB. The file encryption process is executed only when it is greater than or equal to 4GB.

Written in Python and packed with PyInstaller, PyLocky ransomware first converts each file into base64 format and then uses randomly generated initial vector and password to encrypt all data on an infected device


Once a computer has been encrypted, PyLocky displays a ransom note that is a type of famous lockie ransomware and asks for ransom in cryptocurrency, which means “restore” the files.


PyLocky targeted businesses primarily in Europe, especially in France.Although the notes of the ransom were written in English, French, Korean and Italian, which suggested that Korean and Italian-speaking users are also targeted in it.

You can download the PyLocky ransomware decryption tool from GitHub for free and run it on your infected Windows computer.


You can download the PyLocky RanSamware decryption tool from GitHub for free and run it on your infected Windows devices to decrypt.

Locky, WannaCry, NotPetya and Leaker Locker Ransomware can not be high profile in the form of massive attacks of 2017, both individuals and enterprises are strongly recommended to follow the prevention measures mentioned below for their own safety.

Beware of Phishing emails:- Always be suspicious of uninvited documents sent over an email & never click on links inside those documents without verifying the sources.

Backup Regularly:- To always have a tight grip on all your important files & documents, keep a backup routine in place that makes their copies to an external storage device that is not always connected to your computer.

Keep your Antivirus software and system up-to-date:- Always keep your antivirus software and systems updated to protect against the latest threats.

Leave a Reply

Your email address will not be published. Required fields are marked *