We just released a new decryption tool for the ChernoLocker ransomware strain. You can download the free decryption tool linked below. A detailed guide is also included.
Download the ChernoLocker Decryptor here
ChernoLocker decryptor by Emsisoft
Technical details
ChernoLocker is programmed in Python, and encrypts files using AES-256, adding the extension “(.CHERNOLOCKER)”. When ran before it encrypts the victim’s files, the following popup appears:
ChernoLocker fake popup window
Unlike most ransomware strains that include a text file containing its ransom note, ChernoLocker’s ransom note is delivered via a popup window. It reads:
ChernoLocker’s ransom note
All Your Files have now been encrypted with the strongest encryption You need to purchase the encryption key otherwise you won’t recover your files Read the Browser tab on ways to recover your files Make Sure you don’t loose this Email as you it will be loosing it will be fatal Write it in a notepad and keep it safe Email: filelocker@protonmail.ch
Once the encryption is finished, the victim’s browser is set to redirect to a website that has the following image:
ChernoLocker Website
Download the ChernoLocker Decryptor here
Successful decryption of ChernoLocker encrypted files
Regardless of what the ChernoLocker ransom note might say, our decryption tool can help you recover your files for free. Support for this tool is provided by the experts at Bleeping Computer. If you need help using it, please post details of your problem here.