Skip to content
Decryption tool for LooCipher Ransomware
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

ZLab - LooCipher Decryption Tool

This tool does not work if you restart your computer after the infection

Decryption tool for the LooCipher Ransomware

  1. Find the Process ID (PID) of the LooCipher ransomware
  2. Open cmd (the tool does not require elevated (Administrator) privileges)
  3. Move to the path where this tool was downloaded
  4. In the cmd prompt, type ZLAB_LooCipher_Decryptor.exe <PID>


Due to the continuing LooCipher infection campaign, we proceeded to release the decryptor in the shortest possible time in order to help the victims infected in the previous phase. So, the tool is a Beta release and it is still composed by an unsigned executable. We will provide to release some updates as soon as possible.

Thanks to Fortinet for their analysis about LooCipher obfuscation flaw. The tool embeds parts of Fortinet script.

New release!

The latest release and source code is available at:

You can’t perform that action at this time.