LockBit (ACBD, LockBit 2.0 - .lockbit, .lock2bits, .luckyday) Support Topic

Any files that are encrypted with LockBit (ACBD, LockBit 2.0) ransomware will have an .abcd, .lockbit, .lock2bits or .luckyday extension appended to the end of the encrypted data filename and typically will leave files (ransom notes) named Restore-My-Files.txt, Recovery.txt as explained here by Amigo-A (Andrew Ivanov).
 
Note: PhobosImposter Ransomware is a variant of LockBit (ACBD) which appends .phobos extension and leaves files (ransom notes) named Restore-My-Files.txt.
 
Note: In May 2024, law enforcement was able to obtain numerous LockBit decryption keys, stolen victim data and cryptocurrency addresses as part of Operation Cronos which allowed seizure of LockBit infrastructure.
 
Victims of LockBit 3.0 (Black) should use the below support topic link.

• LockBit 3.0 Black / CriptomanGizmo ([random 9 chars]; README.txt) Support Topic

 
 
 
hi. help return the files. Is there a free decryption for this ransomware?

file https://www.sendspace.com/file/yfzg0q

Hello

Edited by Amigo-A, 19 October 2019 - 01:35 PM.

Is .acbd the complete extension appended to the end of your encrypted data file names? 

Did you find any ransom notes and if so, what is the actual name of the ransom note?
Can you provide (copy & paste) the ransom note contents?
Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?
 

Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) or Emsisoft Website for assistance with identification and confirmation of the infection? ID Ransomware can identify ransomwares which adds a prefix instead of an extension and more accurately identifies ransomwares by filemarkers if applicable so try that first. Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals gives a more positive match with identification and helps to avoid false detections.

Please provide a link to the ID Ransomware results.

here are all the files that were requested along with the note

https://www.sendspace.com/file/xfo1gj

Edited by Amigo-A, 20 October 2019 - 11:44 AM.

kevin198520...Please do as Amigo-A (Andrew Ivanov) has instructed....he is a trusted security professional and ransomware expert who volunteers his time here to assist victims of ransomware infection

My company was struck by these ransomware. They encrypted the entire network - 17 computers. We didn’t find a free decryptor and we had to pay money to ransomware

Did the decrypter the criminals sent you decrypt your files?

Yes, we got 17 programs. 1 program for 1 computer

Since you have a working decrypter, you can zip and submit it here with a link to this topic along with a few encrypted files, the private key and anything else the malware writers provided. Our crypto malware experts may be able to get some information to exploit by analyzing it further. While the decryption tool is not as good as analyzing the ransomware itself, it may still provide our experts some information about the encryption format used by the malware developers.

Yes, we got 17 programs. 1 program for 1 computer

all the files have been decrypted ? after what time did you get program a decryption ?

Since you have a working decrypter, you can zip and submit it here with a link to this topic along with a few encrypted files, the private key and anything else the malware writers provided. Our crypto malware experts may be able to get some information to exploit by analyzing it further. While the decryption tool is not as good as analyzing the ransomware itself, it may still provide our experts some information about the encryption format used by the malware developers.

I submit decrypter

 

Yes, we got 17 programs. 1 program for 1 computer

all the files have been decrypted ? after what time did you get program a decryption ?

 

Yes. 2 hours after payment

Bought a decrypt from this ransomware. The files are all recovered.
if necessary i can upload the program they sent me for the study