If your computer gets infected with ransomware, here is how to recover your data:


Step 1: Do not pay the ransom because there is no guarantee that the ransomware creators will allow you to recover your data.

Step 2: Find any available backups you have.

Step 3: If there are no backups, you will need to try to decrypt the information locked by the ransomware using the best ransomware decryption tools available.

 

In this anti-ransomware guide, we included these tools below and a very useful checklist to avoid all types of malware. Use the links below to navigate through it.

How to identify the ransomware you’ve been infected with
Ransomware decryption tools
Explanation on ransomware families and tools for decryption
How to avoid ransomware in the future
Quick checklist for ransomware protection

How to identify the ransomware you’ve been infected with

Sometimes, the ransom note says what type of ransomware your files have been encrypted with, but it can happen that you don’t have this information at hand. Readers have asked us to show which encryption extensions belong to which ransomware families. Many of these extensions signaled new types of encrypting malware, for which there are no decryptors available.

If you need help with identifying what ransomware your system has been infected with, there are two tools you can use:

Crypto Sheriff from No More Ransom

ID Ransomware from MalwareHunter Team

Please read the terms and conditions specific to these tools before using them.

Ransomware decryption tools – an ongoing list

As a disclaimer, you should know that the list below is just a starting point. Use it, but do a bit more research as well. Safely decrypting your data can be a nerve-racking process, so try to be as thorough as possible.

We’ll do our best to keep this list up to date, but it’ll probably never be definitive. Contributions and suggestions are more than welcome, as we promise to promptly follow up on them and include them on the list.

Some of the ransomware decryption tools mentioned below are easy to use, while others require a bit more tech knowledge to break. You can try asking for help on one of these malware removal forums, which feature tons of information and helpful communities.

OpenToYou decryption tools

Globe3 decryption tool

Dharma Decryptor

CryptON decryption tool

Alcatraz Decryptor tool // direct tool download

HiddenTear decryptor (Avast)

NoobCrypt decryptor (Avast)

CryptoMix/CryptoShield decryptor tool for offline key (Avast)

Damage ransomware decryption tool

.777 ransomware decrypting tool

7even-HONE$T decrypting tool

.8lock8 ransomware decrypting tool + explanations

7ev3n decrypting tool

AES_NI Rakhni Decryptor tool

Agent.iih decrypting tool (decrypted by the Rakhni Decryptor)

Alcatraz Ransom decryptor tool

Alma decrypting tool

Al-Namrood decrypting tool 

Alpha decrypting tool

AlphaLocker decrypting tool

Amnesia Ransom decryptor tool

Amnesia Ransom 2 decryptor tool

Apocalypse decrypting tool

ApocalypseVM decrypting tool + alternative

Aura decrypting tool (decrypted by the Rakhni Decryptor)

AutoIt decrypting tool (decrypted by the Rannoh Decryptor)

Autolocky decrypting tool

Badblock decrypting tool + alternative 1

BarRax Ransom decryption tool

Bart decrypting tool

BitCryptor decrypting tool

BitStak decrypting tool

BTCWare Ransom decryptor

Chimera decrypting tool + alternative 1 + alternative 2

CoinVault decrypting tool

Cry128 decrypting tool

Cry9 Ransom decrypting tool

Cryakl decrypting tool (decrypted by the Rannoh Decryptor)

Crybola decrypting tool (decrypted by the Rannoh Decryptor)

CrypBoss decrypting tool

Crypren decrypting tool

Crypt38 decrypting tool

Crypt888 (see also Mircop) decrypting tool

CryptInfinite decrypting tool

CryptoDefense decrypting tool

CryptoHost (a.k.a. Manamecrypt) decrypting tool

Cryptokluchen decrypting tool (decrypted by the Rakhni Decryptor)

CryptoMix Ransom decrypting tool

CryptoTorLocker decrypting tool

CryptXXX decrypting tool

CrySIS decrypting tool (decrypted by the Rakhni Decryptor – additional details)

CTB-Locker Web decrypting tool

CuteRansomware decrypting tool

Damage ransom decrypting tool

Dharma Ransom Rakhni decryptor tool

DeCrypt Protect decrypting tool

Democry decrypting tool (decrypted by the Rakhni Decryptor)

Derialock ransom decryptor tool

DMA Locker decrypting tool + DMA2 Locker decoding tool

Fabiansomware decrypting tool

Encryptile decrypting tool

FenixLocker – decrypting tool

Fury decrypting tool (decrypted by the Rannoh Decryptor)

GhostCrypt decrypting tool

Globe / Purge decrypting tool + alternative

Gomasom decrypting tool

GandCrab decrypting tool

Harasom decrypting tool

HydraCrypt decrypting tool

HiddenTear decrypting tool

Jaff decrypter tool

Jigsaw/CryptoHit decrypting tool + alternative

KeRanger decrypting tool

KeyBTC decrypting tool

KimcilWare decrypting tool

Lamer decrypting tool (decrypted by the Rakhni Decryptor)

LambdaLocker decryption tool

LeChiffre decrypting tool + alternative

Legion decrypting tool

Linux.Encoder decrypting tool

Lock Screen ransomware decrypting tool

Locker decrypting tool

Lortok decrypting tool (decrypted by the Rakhni Decryptor)

Marlboro ransom decryption tool

MarsJoke decryption tool

Manamecrypt decrypting tool (a.k.a. CryptoHost)

Mircop decrypting tool + alternative

Merry Christmas / MRCR decryptor

Mole decryptor tool

Nanolocker decrypting tool

Nemucod decrypting tool + alternative

NMoreira ransomware decryption tool

Noobcrypt decryption tool

ODCODC decrypting tool

Operation Global III Ransomware decrypting tool

Ozozalocker ransomware decryptor

PClock decrypting tool

Petya decrypting tool + alternative

Philadelphia decrypting tool

PizzaCrypts decrypting tool

Pletor decrypting tool (decrypted by the Rakhni Decryptor)

Pompous decrypting tool

PowerWare / PoshCoder decrypting tool

Popcorn Ransom decrypting tool

Radamant decrypting tool

Rakhni decrypting tool

Rannoh decrypting tool

Rector decrypting tool

Rotor decrypting tool (decrypted by the Rakhni Decryptor)

Scraper decrypting tool

Shade / Troldesh decrypting tool + alternative

SNSLocker decrypting tool

Stampado decrypting tool + alternative

SZFlocker decrypting tool

Teamxrat / Xpan decryption tool

TeleCrypt decrypting tool (additional details)

TeslaCrypt decrypting tool + alternative 1 + alternative 2

TorrentLocker decrypting tool

Umbrecrypt decrypting tool

Wildfire decrypting tool + alternative

WannaCry decryption tool + Guide

XData Ransom decryption tool

XORBAT decrypting tool

XORIST decrypting tool + alternative

MoneroPay Ransomware decrypting tool

Explanation on ransomware families and tools for decryption

As you may have noticed, some of these ransomware decryption tools work for multiple ransomware families, while certain strains have more than one solution (although this is rarely the case).

From a practical perspective, some of the decryptors are easy to use, but some require some technical know-how. As much as we’d want this process to be easier, it doesn’t always happen.

No matter how much work and time researchers put into reverse engineering cryptoware, the truth is that we’ll never have a solution to all of these infections. It would take an army of cyber security specialists working around the clock to get something like this done.

How to avoid ransomware in the future

Being pragmatic doesn’t mean adopting a pessimistic outlook. In fact, if you apply the simple steps we outlined in the anti-ransomware security plan, you can avoid this kind of attack and the need to use ransomware decryption tools to recover your data.

Even if cyber criminals do manage to infect your PC, you can just wipe the system clean and restore your latest backup. No money lost and, most importantly, no important information compromised! So, please, please back up your data. Not tomorrow, not this weekend, not next week. Do it today!

I hope that it will solve some of your ransomware-related problems. Moreover, please think about sharing the simple principle of proactive protection with your friends and family. It could spare them the negative experience of being a cyber attack victim.

As new types of ransomware emerge, researchers decrypt some strains and others get new variants. There are tens or hundreds of them. Just like in a cat and mouse game, the chase never stops.

If this graphic were filled out with the discoveries up to 2018, you’d need a bigger screen (possibly 3) to see it.

[Image: ransomware discoveries (CERT-RO)]

Source: CERT-RO

Believe it or not, there is a silver lining to ransomware’s popularity: the quality of the malicious code is steadily decreasing. As a result, cyber security specialists can crack the code faster. This gives ransomware victims a chance to retrieve their data without further funding attackers.

Unfortunately, low quality ransomware also endangers the affected data: one error in the code and it can all be erased instead of encrypted. But that’s a story for another time.

Quick checklist for ransomware protection

Instead, take the time to see how to avoid ransomware attacks with this essential sheet. How many check marks can you score?

[Image: your anti-ransomware checklist]

This article was originally published by Andra Zaharia on October 5th, 2016 and was updated by Ana Dascalescu on January 18th, 2017.

Comments

Is there any tool for “bruteforcing” the key for decrypting a ransomware?

Taylor Rutherford on April 13, 2018 at 4:42 pm

We have been hit by ransomware that encrypted with file extension .waiting. Is there a program to decrypt? We used another install for Rakhni which gave us a key, but we can’t use it. We can’t find the name of our ransomware anywhere.

I have been hit by this ransomware as well. On alternate sites, some have mentioned it could be a new version of STOP ransomware. Not sure if any decrypters exist?

Hi!

I have been infected by CRY36 with extension .damage

Any news on decrypting this? Regards

Hello, Cesar! Sorry to hear that! We don’t know about a decryption tool available for this type of ransomware, but please have a look at these links and see if they can help you: https://www.kasperskyclub.com/support/question/10 + https://howtoremove.guide/cry36-ransomware-remove/ + https://www.2-viruses.com/remove-cry36-losers-virus Thanks and stay safe!

Any decryption tools for .helpers@cock.li?

Hi,
Infected file link: http://www.eurosoft-download.co.uk/Support/BCabDatabase.rar
If there is any tool by which I can decrypt ransomware .rapid extension files, then please reply back; I shall be very thankful to you.

Hello! So sorry to hear that! Unfortunately, we don’t know about a decryption tool available to unlock your data. However, I recommend reading this guide from here: https://www.2-spyware.com/remove-rapid-ransomware.html and see how it can help. Also, you may find this one useful: https://www.experts-exchange.com/questions/29084006/Has-anyone-found-a-decryptor-for-ransomware-rapid.html Thanks and stay safe!

Hi Naveed bhai, I have been infected by cryston ransomware with extension .damage.
Please, do you have any other tool to remove this virus?

Hey Andra, is there any decryption tool for .sage file ransomware? 🙁

Hi Blair! So sorry to hear that! We are not aware of any decryption tool for sage ransomware, but you may want to have a look at this guide and see if it can help to recover your data: https://www.2-spyware.com/remove-sage-ransomware-virus.html Stay safe and hope you’ll get your data back!

I am facing a problem with .obama files; suddenly all files were converted to the .obama extension.

hi,

have been infected with ransomware which has encrypted my data files to extension *.qqcrypt, i.e. abc.txt has been converted to abc.txt.qqcrypt

Kindly let me know if you have any information on this ransomware and also for any decryptor tools for the same.

Thanking you in anticipation.

Files on my network drives were recently encrypted by ransomware with extension .2018. This seems to be a new threat and I was wondering if there is a decrypting tool out there for it.

See sample:
GgZNVCJbSwVxVioMbgxrJXRQMEtEJDMBBGNhMFFVaVh8JBc7Y0R6JSAxfVYJT3s6NkYRSxAobSw2HTIlY0t9H0MGbCoDORtgCjwWAjM6SkJDYg== ID 24LALL4FWGHEVTRR.2018

Hello, Edem! I am sorry to hear that! We don’t have information about a decryption tool, but we can investigate it. Could you please provide us more details? It would help if you could send us a screenshot of the files encrypted and the ransom note. Please send these details to corpsupport@heimdalsecurity.com and our technical team will try to find out more. Thank you!

You guys have been so great at responding! I was hit with a Ransomware virus that converts your files to something like: apzyalaz.locked and leaves the file,
“[HOW_TO_DECRYPT_FILES].html”

I’ve heard it called the LockeR ransomware. I have copies of an encrypted and unencrypted file. Would you be able to help me decrypt it? THANK you in advance for any help or replies!

Hi Jesse. So sorry to hear that you’ve been infected with ransomware! Here you can find helpful information about the Locker ransomware https://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-31#entry3721545 Also, we have a dedicated article on decryption tools: https://heimdalsecurity.com/blog/ransomware-decryption-tools/ Hope it helps! Stay safe!

I am infected by Dharma ransomware (.java). Are there any decryption tools available?

Hello! I’m so sorry to hear that! We’ve updated our article on ransomware decryption tools and you’ll find info on how to decrypt this one too. Hope it helps and stay safe! https://heimdalsecurity.com/blog/ransomware-decryption-tools/

Hi Ana,

Great article 🙂 Congratulations!
I just read about another tool that you may be interested in adding here. Check it out:
Decryptor for MoneroPay Ransomware – https://nioguard.blogspot.com.br/2018/02/decryptor-for-moneropay-ransomware.html

Hi Amitay and thanks for the appreciation. Indeed, a great tool for the MoneroPay Ransomware, I’ll add it to the list. Cheers!

This is so well explained for computer novices. A great post that I found interesting and I am an IT expert.

Many thanks for your feedback, John! Happy to know this article was useful. You may also find our free online educational resources helpful: https://heimdalsecurity.com/security-education-resources

Hi John,
I am infected by crypton ransomware with extension; please, do you have any other tool to remove this virus?

Just use Qubes OS and ditch Windows and live your life. Problem solved! If I need to believe you all, then here on XP I have an entire store of ransom, malware, etc. You all need to stop with this because this is not fun anymore. You need to know your PC in and out, and the best is Windows 7 if you stay on Windows. Windows 10 is crapware and will die out; just follow the reactions on Ghacks when there is an article on W10. These people are an example that know more than the laypeople, and most of them discard W10 because it’s crapware.

Redirecting the link for “malware removal forums” to the recent article on blogs makes no sense as they cannot and do not help with removal of ransomware.

Additionally, redirecting the original “32 Go-To Security Forums for Free Malware Removal Help” dated March 5, 2015, also doesn’t make sense since blogs do not help with malware removal.

Hi Corinne, thanks for the input, we fixed the redirection. Those forums and blogs contain a lot of valuable information on malware and, indeed, ransomware cases. Cheers!

Hi, I’m doing research on ransomware classification based on a signature approach for my final year project. Any suggestions on how I can classify ransomware? I really need help. Thank you

Hi Camely and thank you for your message. I would recommend reading our article on ransomware https://heimdalsecurity.com/blog/what-is-ransomware-protection/ where you’ll find useful info on the most notorious ransomware families. Hope this helps and good luck with your research and final year project.

Hi, Andra….
We’re facing a problem with frogo_Ransomware, which infected my files.
My files were encrypted by that virus and I am unable to open them.
Are you familiar with this kind of ransomware?

Regards,
Dedi Supriadi – +62 85287838484

Hi Andra, can I get a decryption tool for Nemesis Ransomware?

Hi. Please help me decrypt files that are encrypted with MOLE ransomware.
Thanks

Essam Al-Moraissi on May 19, 2017 at 2:53 pm

I have been infected with ransomware and all my files have become locked with the MOLE extension. I have used most decryptor tools, but without benefit.

Please help me

Are there any tools to decrypt .xcrypt extension files?

Is there any way to decrypt my files? They are encrypted by a ransomware virus.
It affects all my .jpeg, .mp4 and all important files with the .xcrypt extension.

Hello Andra, do you have any file fix for .MOLE extension thank you 🙂

Leaton G. Johnson on May 16, 2017 at 1:39 am

Is there any help for files that were corrupted with the cryptodefense malware after April 1st, 2014? The tools for before April 1st 2014 do not work for my files.

Hey Andra,
Thanks for the information. I have a few PCs infected with the .Osiris extension; is there any decryptor for it?
Thanks

Hi Tahir! Unfortunately, .osiris is an extension used by Locky ransomware, which is impossible to decrypt at this point. Sorry we can’t help.

Hello Andra
Need help with my server; all files have been encrypted with shnell ransomware, thereby shutting down all services; even basic administrative tools cannot be accessed.
Please advise.

Hello Isaac,

So sorry to hear about your situation, but there isn’t much we can do about this, given we don’t have a decryption tool for it in our list. Maybe you can try the Crypto Sheriff tool to find out if it is a known strain and come back to the list to check for potential fixes: https://www.nomoreransom.org/crypto-sheriff.php Best of luck!

Hi
What can I do for shnell ransomware?
Which tool should I use?
Thanks

Hi,
Is there any way to decrypt my files? They are encrypted by RAAS ransomware.
It affects all my .jpeg, .mp4 and all important files, leaving just a few like .gz and .exe.

Hi Abhi,

So sorry to hear that, but we can’t help, I’m afraid. Unfortunately, there’s no way to decrypt it yet.

I am facing a problem with .wallet files; suddenly all files were converted to the .wallet extension.

Kindly help me with what I am supposed to do.

Hi Ali,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Hello Ali,

A few days ago, the Dharma ransomware was decrypted and a decryption tool has appeared. You can access it here: https://www.nomoreransom.org/decryption-tools.html

anything you can do for this
!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
(cryptosystem) czbchttp://eLÄ!<.pedie-ægLyiki/Adyanced
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all ravailable, follow these steps:
1. Download and install Tor Browser:
: / html
2. After a successful installation, run the and wait for initialization.
3. Type in the address bar: g46mbrrzpfszonuk.onion/1CUZ3X6WQQATGH7U
4. Follow the instructions on the site.
!!! Your personal identification ID: ICUZ3X6WQQATGH7U !!!

Hi Michael,

Sorry about your issue, but there isn’t much we can do about this, given we don’t know which strain you got infected with. Maybe you can try the Crypto Sheriff tool to find out what it is: https://www.nomoreransom.org/crypto-sheriff.php

Is there any decryptor for .wnrozba files? My computer is infected

How to decrypt Spora ransomware? It came with an .HTA file. In Windows it acts as a Google Chrome HTML file and now it just corrupts all Excel and Word files. There is no dedicated extension for this ransomware. All Word and Excel files are in their default extensions, that is xlsx and docx.

Hi Kawal!

Unfortunately, there is no way to decrypt Spora ransomware infected files for free at the moment.

wallet file decrypter ?

Hi Atish,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Hello Atish,

A few days ago, the Dharma ransomware was decrypted and a decryption tool has appeared. You can access it here: https://www.nomoreransom.org/decryption-tools.html

Is there any tool to decrypt .wcry files caused by a virus?

Hi there!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Hi…
My files are encrypted by 84E0…
Is there any tool…

Hello,
Is there any decryptor for x3m ransomware?

For the moment, there is no decryption tool for this type of ransomware.

Hello,
I have infected files .crypto shield.
I need help.
What is the recommended tool to decrypt?

Hi Robert!

For the moment, there is no way to decrypt files encrypted by CryptoShield for free. Also, a newer version (2.0) emerged last week, which is also currently impossible to decrypt. Sorry for the bad news.

Hello,
I have infected files .cryptoshield.
What program can decode them?
Thank you in advance for the information.

All my files have .b76a in them. Is there anything that can decrypt all of my files?

Hi Roger!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Hi! I have a lot of files (Excel and PDF) infected by Dharma; is any decryption tool available?
Thanks, Alba

Nothing for .Osiris then?

My files got locked with the extension .ba22. I need help, please.

Hi Henry, unfortunately, we don’t have information on that particular extension. However, you can use this tool to find out what type of ransomware you’ve been infected with, so you can find potential solutions to decrypt it: https://www.nomoreransom.org/crypto-sheriff.php

Hello Andra,

I have many jpgs and video files which I backed up from a memory card I used on a Blackberry long time ago.
This device was stolen, and most part of the files are on the .rem RIM’s extension.
My question is: I am told that just the original device which encrypted the original file can open and decrypt it; files saved/backed up from the original memory cards cannot be read on Macs/PCs.
Is there any software that could do this job in my case, as I had it stolen a long time ago on the airport?
Best.

Hi Danilo! I’m afraid you’re going to have to ask Blackberry for help here, because I can’t provide support for other products than our own. Sorry and best of luck! I really hope you get your data back safe and sound.

Hi, I have been hit by a virus that changed all my files’ extension to .wallet. Which decryption tool is recommended?

Hi Richard,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

My Word and Excel files got the .sage extension; kindly suggest the appropriate tool.

Me too, I got the same problem with my Word and WinRAR files. Please tell me what to do or the tool I need.

Good night do you know if there is any tool to decrypt ransomware with the “shit” extension? i think it belongs to locky family thank you!

Hi,

I have an awesome .merry file extension. 🙂 This is a massive Ransomware. I’m looking for decryptor for it.
Do you have any idea?

Thank you

Hi Steve!

Luckily, there’s a tool to decrypt it: https://decrypter.emsisoft.com/mrcr

We’ve also added it to the list. I hope you get your files back soon and safely!

Do you know what ransomware is k2p and k23p? I cannot find anywhere on the internet, it seems to be Globe but Globe2 doesn’t work…

Hi Ben!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Does anyone know of a decrypter for ransomeware .aes256 extension? Absolutely killing me.

same problem here!

Can you please provide help for Jigsaw ransomware or provide any tool?

The decryption tools list includes a decryptor for Jigsaw. You can find the link in the article.

Can anyone help me recover .wallet extension files?

Hi there! Unfortunately, there is no decryption tool for Dharma ransomware.

HI MY SERVER HARD DRIVE ENCRYPTED USED DISKCRYPTOR TOOL FROM HACKERS ANY SOLUTION?

Hello! Sorry, but we don’t offer assistance with ransomware decryption. Malware-removal support is only available for Heimdal CORP customers. I hope you find a way to get your data back safe and sound!

Sidharaj Sinh Jadeja on January 3, 2017 at 3:17 pm

Hi
My external HDD was affected by ransomware.
It’s showing .bb1a
Can you suggest any tool for this?
Please reply.
Regards

Bat-Erdene Chuluunbat on January 1, 2017 at 6:02 pm

I was attacked by .wallet ransomware on my company server on Dec 25, 2016. The bad thing is the backup is also infected. I’m in big trouble, can’t eat or sleep, and may lose my job. I contacted those criminals; they required 5 bitcoins, which is equal to $4000; that is too much, I can’t pay it. If you have anything about .wallet, please help me.

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

lulz…..I hope you make more than $4000. If you only have one backup, you may deserve to lose your job.

Any about .Wallet?
The files have a name, xmen_xmen [@] aol. com
e.g, Filename.pdf.[xmen_xmen@aol.com].wallet
Remote case in Costa Rica from 23-Dec-16

Hi Tames! Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Thanks for the reply; any news, let me know!

Hello. Please, my Blackberry device got infected by malware with file extension .rem. Is there any decryptor to get me off the hook?

Hi Charles! I’m happy to say that your Blackberry has not been affected with ransomware. In fact, .rem is an extension that shows that your files have been encrypted and are safe. In this case, we’re talking about non-malicious encryption used by Blackberry to secure your data. More info here: http://www.openthefile.net/extension/rem

what about .90f1

I can’t associate that extension with anything, Francesco. Maybe you can try the Crypto Sheriff tool to find out what it is: https://www.nomoreransom.org/crypto-sheriff.php

hi ,
there any decryption tool lavandos@dr.com.wallet

what about .b53c?

If it’s not on the list, I’m afraid there’s no solution for it yet.

.9788 in pictures , music , documents

Sorry, no news on that yet.

Are there any experiences with paying the ransom? Will they un-encrypt your files and just go away? Or will that lead to more demands?

Cyber security experts, the Europol, the FBI and many more authorities and specialists advise to never pay up. There is no guarantee that you’ll get your data back or that the decryption key will work. There are cases where the ransomware is poorly coded and can’t be decrypted, even with the correct key, because the encryption went badly. Also, paying the ransom will just feed the malware economy and enable cybercriminals to continue attacking people and companies all over the world.

Hi,
What can I do for .b727 type of attack?
Is there any solution for the same?
Regards

Unfortunately, Sigit, this seems like a new strain of ransomware and there is no decryptor available for it yet.

Jhonathan Bastidas on December 7, 2016 at 2:23 am

.thor?

Jhonathan, this is actually a new extension Locky started to use, and, unfortunately, Locky hasn’t been cracked yet. I’m sorry we can’t help.

Hi,
What can I do for .zzzz type of attack?
Is there any solution for the same?
Regards

Unfortunately, Priya, there is no decryptor available for this type of ransomware yet.

Hi Andra ,

Could you please help me with the decryption process for my files infected with Ransomware v.5.0?
I don’t know what is that but it damaged my word, excel, pdf and jpeg files 🙁

Regards,

Unfortunately, Mohamed, we do not offer assistance for individual cases. Aside from the tools available here, we don’t have anything else that can help. I’m sorry about your situation.

Hi
What can I do for .a2df files?

I don’t know of any tools that can decrypt this ransomware, Danush. I’m sorry.

Is there a tool for ZAAEBZM?

.8df4 Cerber any tools to remove this.

There are no decryption tools for Cerber yet, sorry.

Hi Andra,

Firstly thank you for this great post.

I was attacked with CryptoLocker Ransomware on 15th Oct. Please let me know as and when you come across a decrypter tool for the same.

Thanks a lot
-Harsha

Hi there! Sorry to hear about your issues. There is no decryption tool available for Cryptolocker yet. It’s one of the oldest and strongest ransomware families, so it’s unlikely that it’ll be decrypted anytime soon.

Thanks a lot for the reply Andra! I shall wait!

hi, what is the extension of your encrypted files ?

Hi Cihen,

Sorry for the late reply.

No change in the file extension. The files are in their usual extension.

Thank You
Harsha

Hi andra,

do you have any tool to decrypt cyber ransome infections

Hi
My external HDD was affected by ransomware.
It’s showing .zendr4
Can you suggest any tool for this?
Please reply.
Regards

Hi Noufal!

If it’s not on the list yet, it probably doesn’t have a decryptor. But I hope one will appear soon. So sorry to hear about your issue.

Any decrypter for Cerber 4? I was hit last week, shortly after this came out. I have run numerous spyware, malware & AV packages on my machine and moved all files to a separate drive and locked them away until such time as a solution arrives.

Any tools discovered for ZEPTO?

Not that we know of. Sorry, Bob. We’ll update as soon as something reliable comes up.

Hi
What can I do for .afa8 files.
Which tool should I use?
Thanks

Hi there! Unfortunately, we have no knowledge at this point about a ransomware strain that turns files into .afa8. We’ll keep you posted if we do. Sorry to hear about your troubles.

Great blog, keep going. Lot of learning everyday from this blog.

Thanks a bunch for your feedback, Ajay! We promise to keep it up.

Frederik Bechmann on October 6, 2016 at 2:04 pm

Congrats on the new blog layout, Andra.

Quality content needs a quality frame 😉

Thank you so much, Frederik! It was a team effort and I’m really glad you enjoy it.
