A statement from Talos said there was one requirement: the tool could be used only in cases where the initial PyLocky command-and-control (C2) traffic of an infected machine had been captured.
Researcher Mike Bautista, who developed the tool, wrote: "If the initial C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected machine.
"This is because the initial callout is used by the malware to send the C2 servers information that it uses in the encryption process."
The ransom note left by the PyLocky ransomware. Courtesy Talos
The ransomware also generated a random initialisation vector, or IV, which was base64-encoded and sent to the C2 server along with the system information collected by PyLocky.
"After obtaining the absolute path of every file on the system, the malware then calls the encryption algorithm, passing it the IV and password," Bautista said.
"Each file is first base64-encoded before it is encrypted. The malware appends the extension '.lockedfile' to each file it encrypts - for example, the file 'picture.jpg' would become 'picture.jpg.lockedfile'. The original file is then overwritten with the attacker's ransom note."
He discouraged users from paying any ransom demanded by the creators of such malware as it rarely resulted in the recovery of files.
The free decryption tool can be downloaded here.
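The file behaviour Bautista describes above means the recoverable data sits in the '.lockedfile' copy, while the original path holds only the ransom note. The following triage sketch is an added example, not Talos code or part of the decryption tool: it inventories '.lockedfile' artefacts and flags originals that share one identical hash, so responders know which files to preserve. The function names, state labels and sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".lockedfile"  # extension named in the article


def triage(root):
    """Pair each *.lockedfile with the original path it shadows and classify it."""
    pairs = []
    for locked in sorted(Path(root).rglob("*" + LOCKED_EXT)):
        if not locked.is_file() or locked.name == LOCKED_EXT:
            continue  # skip directories and a bare ".lockedfile" name
        original = locked.with_name(locked.name[: -len(LOCKED_EXT)])
        digest = None
        if original.is_file():
            digest = hashlib.sha256(original.read_bytes()).hexdigest()
        pairs.append((locked, original, digest))
    # Originals overwritten with the same ransom note all share one hash.
    counts = Counter(d for _, _, d in pairs if d)
    note_hash = next((h for h, n in counts.most_common(1) if n > 1), None)
    report = []
    for locked, original, digest in pairs:
        if digest is None:
            state = "original-missing"
        elif digest == note_hash:
            state = "overwritten-with-note"
        else:
            state = "original-differs"
        report.append({"locked": str(locked), "original": str(original), "state": state})
    return report


def build_sample(root):
    """Constructed sample tree (placeholder bytes, not real malware output)."""
    root = Path(root)
    for name in ("picture.jpg", "report.docx"):
        (root / name).write_bytes(b"CONSTRUCTED RANSOM NOTE PLACEHOLDER")
        (root / (name + LOCKED_EXT)).write_bytes(b"constructed ciphertext " + name.encode())
    (root / ("orphan.txt" + LOCKED_EXT)).write_bytes(b"constructed ciphertext")
    (root / "clean.txt").write_bytes(b"untouched")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in triage(tmp):
            print(row["state"], row["locked"])
```

Run it against a read-only forensic copy of the affected volume rather than the live system, and keep every '.lockedfile' it lists.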