The SurfLocker (.SURF) Variant: SurfLocker Decryptor and Recovery
In our recovery lab today at Lockbit Decryptor, we isolated the SurfLocker ransomware strain. Our analysis confirms this is not a sophisticated enterprise threat but a variant of the open-source HiddenTear ransomware. This variant uses a simple XOR cipher with a hard-coded key, appending the .SURF extension. Despite its amateurish ransom note, the encryption is…
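Why a fixed-key XOR scheme is recoverable from one encrypted file of a known type, shown as an added example that is not code from this page or from any SurfLocker sample. It assumes a repeating-key XOR that restarts at byte 0 of each file and a key of at most 8 bytes; the key and file contents are constructed for the demonstration.

```python
from itertools import cycle

# First 16 bytes of every valid PNG: 8-byte signature, IHDR length (13), "IHDR".
PNG_HEADER = bytes.fromhex("89504e470d0a1a0a0000000d49484452")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes = PNG_HEADER) -> bytes:
    """Return the shortest repeating key consistent with a known file header."""
    if len(ciphertext) < len(known_prefix):
        raise ValueError("ciphertext is shorter than the known header")
    # ciphertext XOR plaintext = keystream for the bytes we know.
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    # Require two full repetitions so a coincidence is not accepted as the key.
    for period in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    raise ValueError("no repeating key found; more known plaintext is needed")


def decrypt_checked(ciphertext: bytes, key: bytes, magic: bytes) -> bytes:
    """Decrypt and refuse the result unless the expected file magic appears."""
    plaintext = xor_bytes(ciphertext, key)
    if not plaintext.startswith(magic):
        raise ValueError("decrypted data lacks the expected magic; wrong key")
    return plaintext


# Constructed sample data (not taken from a real SurfLocker infection).
DEMO_KEY = b"k3y!"  # hypothetical stand-in for the hard-coded key
SAMPLE_PNG = PNG_HEADER + bytes(range(32))
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
ENC_PNG = xor_bytes(SAMPLE_PNG, DEMO_KEY)  # stands in for picture.png.SURF
ENC_PDF = xor_bytes(SAMPLE_PDF, DEMO_KEY)  # stands in for report.pdf.SURF

if __name__ == "__main__":
    key = recover_key(ENC_PNG)
    print("recovered key:", key)
    print(decrypt_checked(ENC_PDF, key, b"%PDF-")[:8])
```

Run it against copies of the encrypted files, never the only surviving originals, and keep the magic check so a wrong key cannot overwrite data with garbage.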
