Saddytech

Saddytech / lockbit-rescue

Public

A toolkit for recovering files encrypted by LockBit 3.0 ("Black") ransomware without paying the ransom, by exploiting a known keystream-reuse weakness.

lockbit ramsomware ramsomware-recovery
83
17
100% credibility
Found May 25, 2026 at 83 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

A free recovery tool that helps victims of LockBit 3.0 ransomware get their files back without paying the ransom, by exploiting a weakness in how the ransomware encrypts files.

How It Works

1
🔒 Your files are locked

You discover that ransomware has locked all your files and encrypted them with an unfamiliar extension.

2
🔍 You find a free solution

You search online and find a free tool that can recover LockBit 3.0 encrypted files by exploiting a weakness in how the ransomware works.

3
⚙️ You set everything up

You download the tool and run a simple setup script that prepares everything automatically.

4
🔓 Your computer gets to work

The tool scans your encrypted files, groups them by attack, and uses a clever trick to unlock them without needing the attacker's password.

5
You verify what was saved

You run a quick check to make sure the recovered files are valid and not corrupted.

🎉 Your files are back

Your photos, documents, and other files are restored and ready to use again.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 83 to 83 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is lockbit-rescue?

This is a Python toolkit that helps LockBit 3.0 ransomware victims recover their files without paying the ransom. It exploits a documented cryptographic flaw in how the ransomware reused Salsa20 keystreams across files in the same encryption batch. The main script scans your infected directory, groups encrypted files by their shared encryption key, picks a "long-named" file as a known-plaintext oracle, and decrypts everything it can using that oracle's filename as a key to unlock the keystream. It ships with a verify script that runs libmagic checks across recovered files to flag anything that looks botched.

Why is it gaining traction?

The hook is straightforward: free recovery, no ransom payment. LockBit 3.0 has been one of the most prolific ransomware families, and this tool targets a specific weakness the malware author left in the crypto implementation. The auto-detection of the 9-character ransomware extension is clever -- you do not have to identify which variant hit you. The pipeline is resumable and handles batches with multiple files, which matters for enterprise environments with thousands of encrypted documents. The Phase 2 tools also extend coverage beyond what the basic flow can reach by brute-forcing keystream bytes for files with shorter oracles.

Who should use this?

Incident response teams and IT administrators managing ransomware fallout. If your organization was hit by LockBit 3.0 Black and you have backups that are too old to be useful, this is worth trying before even thinking about paying. Security researchers studying ransomware defense will also find the technical documentation useful for understanding the keystream-reuse attack surface. This is not for general-purpose ransomware recovery -- the exploit is specific to one malware family.

Verdict

This is a niche but technically solid tool for a very specific crisis. With 83 stars and a 1.0% credibility score, it lacks the community track record that builds trust for production use. The documentation is thorough and the approach is grounded in published research, which helps credibility, but you should test it against non-critical encrypted data first to confirm it works in your environment. Run the verify script after recovery to check file integrity. If you are a LockBit 3.0 victim, this is worth the effort -- just do not treat it as a magic bullet.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.