Security Researchers Reverse L4NC34 Ransomware’s Encryption Routine

L4NC34

L4NC34 ransomware’s encryption routine was reversed by security researchers by decrypting a file without paying the ransom. The L4NC34 ransomware was spotted by Sucuri Security when it began investigating an attack where a malicious actor encrypted all website files and appended “.crypt” to their file names. According to the researchers, the file was not an HTML or a .txt file. The ransom note was located within a PHP file that contained actual functions. The malicious PHP file was base64 encoded.

Source:https://www.tripwire.com/state-of-security/security-data-protection/l4nc34-ransomwares-encryption-routine-reversed-by-researchers/