Windows server 2012r2 infected with loki locker malware

Encrypted by Ransomware Loki locker, message received at the start of the day.

I removed the system and data disks immediately and installed the operating system and backups a few days later.

Edited by quietman7, 29 March 2024 - 05:15 PM.
Moved from MRL to Ransomware - Hamluis.

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Loki Locker (Blackbit) Ransomware without paying the ransom (not advisable) and obtaining the private encryption keys from those who created the ransomware unless they are leaked or seized & released by authorities. The criminal's master private key is needed for decryption. Without the criminal's master private key, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (RSA, AES, Salsa20, ChaCha20, EDA2, ECDH, ECC) that cannot be brute-forced...the public key alone that encrypted files is useless for decryption. 
 
If feasible, your best option is to restore from backups, try file recovery software to recover (not decrypt) some of your original files or backup/save your encrypted data as is and wait for a possible solution at a later time. 
 
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

• Loki Locker (BlackBit) Ransomware (.Loki, .BlackBit, .Rainman) Support Topic

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, IT consultants, victims and company representatives who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.
 
Thanks
The BC Staff