Hi,

I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my

intention to release this.

I uploaded the database to mega.co.nz containing "bitcoin address, public key, private key" as CSV.

This is a dump of the complete database and most of the keys weren't even used.

All distribution of new keys has been stopped.

https://mega.co.nz/#!W85whbSb!kAb-5VS1Gf20zYziUOgMOaYWDsI87o4QHJBqJiOW6Z4

Automatic decryption will start on 2nd of june at midnight.

@devs, as you might be aware the private key is used in the RSACryptoServiceProvider class .net and

files are encrypted with AES-256 bit using the RijndaelManaged class.

This is the structure of the encrypted files:

- 32 bit integer, header length

- byte array, header (length is previous int)

*decrypt byte array using RSA & private key.

Decrypted byte array contains:

- 32 bit integer, IV length

- byte array, IV (length is in previous int)

- 32 bit integer, key length

- byte array, Key (length is in previous int)

- rest of the data is the actual file which can be decrypted using Rijndaelmanaged and the IV and Key

Again sorry for all the trouble.

Poka BrightMinds