Thor Premium Image

It's finally possible to have total, next-gen security against ransomware, malware and other threats.

Discover Thor Premium Home
and take advantage of the one-time deal.

Buy now Only

200

licenses left!
CYBER SECURITY ENTHUSIAST

If your computer gets infected with ransomware, here is how to recover your data:


Step 1: Do not pay the ransom because there is no guarantee that the ransomware creators will allow you to recover your data.

Step 2: Find any available backups you have.

Step 3: If there are no back-ups, you will need to try to decrypt the information locked by ransomware by using the best ransomware decryption tools available.

 

In this anti-ransomware guide, we included these tools below and a very useful checklist to avoid all types of malware. Use the links below to navigate through it.

How to identify the ransomware you’ve been infected with
Ransomware decryption tools
Explanation on ransomware families and tools for decryptio
How to avoid ransomware in the future
Quick checklist for ransomware protection

How to identify the ransomware you’ve been infected with

Sometimes, the ransom note says what type of ransomware your files have been encrypted with, but it can happen that you don’t have this information at hand. Readers have asked us to show which encryption extensions belong to which ransomware families. Many of these extensions signaled new types of encrypting malware, for which there are no decryptors available.

If you need help with identifying what ransomware your system has been infected with, there are two tools you can use:

Crypto Sheriff from No More Ransom

ID Ransomware from MalwareHunter Team

Please read the terms and conditions specific to these tools before using them.

Ransomware decryption tools – an ongoing list

As a disclaimer, you should know that the list below is just a starting point. Use it, but do a bit more research as well. Safely decrypting your data can be a nerve-wrecking process, so try to be as thorough as possible.

We’ll do our best to keep this list up to date, but it’ll probably never be definitive. Contributions and suggestions are more than welcome, as we promise to promptly follow up on them and include them on the list.

Some of the ransomware decryption tools mentioned below are easy to use, while others require a bit more tech knowledge to break. You can try asking for help on one of these malware removal forums, which feature tons of information and helpful communities.

OpenToYou decryption tools

Globe3 decryption tool

Dharma Decryptor

CryptON decryption tool

Alcatraz Decryptor tool // direct tool download

HiddenTear decryptor (Avast)

NoobCrypt decryptor (Avast)

CryptoMix/CryptoShield decryptor tool for offline key (Avast)

Damage ransomware decryption tool

.777 ransomware decrypting tool

7even-HONE$T decrypting tool

.8lock8 ransomware decrypting tool + explanations

7ev3n decrypting tool

AES_NI Rakhni Decryptor tool

Agent.iih decrypting tool (decrypted by the Rakhni Decryptor)

Alcatraz Ransom decryptor tool

Alma decrypting tool

Al-Namrood decrypting tool 

Alpha decrypting tool

AlphaLocker decrypting tool

Amnesia Ransom decryptor tool

Amnesia Ransom 2 decryptor tool

Apocalypse decrypting tool

ApocalypseVM decrypting tool + alternative

Aura decrypting tool (decrypted by the Rakhni Decryptor)

AutoIt decrypting tool (decrypted by the Rannoh Decryptor)

Autolocky decrypting tool

Badblock decrypting tool + alternative 1

BarRax Ransom decryption tool

Bart decrypting tool

BitCryptor decrypting tool

BitStak decrypting tool

BTCWare Ransom decryptor

Chimera decrypting tool + alternative 1 + alternative 2

CoinVault decrypting tool

Cry128 decrypting tool

Cry9 Ransom decrypting tool

Cryakl decrypting tool (decrypted by the Rannoh Decryptor)

Crybola decrypting tool (decrypted by the Rannoh Decryptor)

CrypBoss decrypting tool

Crypren decrypting tool

Crypt38 decrypting tool

Crypt888 (see also Mircop) decrypting tool

CryptInfinite decrypting tool

CryptoDefense decrypting tool

CryptoHost (a.k.a. Manamecrypt) decrypting tool

Cryptokluchen decrypting tool (decrypted by the Rakhni Decryptor)

CryptoMix Ransom decrypting tool

CryptoTorLocker decrypting tool

CryptXXX decrypting tool

CrySIS decrypting tool (decrypted by the Rakhni Decryptor – additional details)

CTB-Locker Web decrypting tool

CuteRansomware decrypting tool

Damage ransom decrypting tool

Dharma Ransom Rakhni decryptor tool

DeCrypt Protect decrypting tool

Democry decrypting tool (decrypted by the Rakhni Decryptor)

Derialock ransom decryptor tool

DMA Locker decrypting tool + DMA2 Locker decoding tool

Fabiansomware decrypting tool

Everbe Ransomware decrypting tool

Encryptile decrypting tool

FenixLocker – decrypting tool

Fury decrypting tool (decrypted by the Rannoh Decryptor)

GhostCrypt decrypting tool

Globe / Purge decrypting tool + alternative

Gomasom decrypting tool

GandCrab decrypting tool

Harasom decrypting tool

HydraCrypt decrypting tool

HiddenTear decrypting tool

Jaff decrypter tool

Jigsaw/CryptoHit decrypting tool + alternative

KeRanger decrypting tool

KeyBTC decrypting tool

KimcilWare decrypting tool

Lamer decrypting tool (decrypted by the Rakhni Decryptor)

LambdaLocker decryption tool

LeChiffre decrypting tool + alternative

Legion decrypting tool

Linux.Encoder decrypting tool

Lock Screen ransomware decrypting tool

Locker decrypting tool

Lortok decrypting tool (decrypted by the Rakhni Decryptor)

Marlboro ransom decryption tool

MarsJoke decryption tool

Manamecrypt decrypting tool (a.k.a. CryptoHost)

Mircop decrypting tool + alternative

Merry Christmas / MRCR decryptor

Mole decryptor tool

Nanolocker decrypting tool

Nemucod decrypting tool + alternative

NMoreira ransomware decryption tool

Noobcrypt decryption tool

ODCODC decrypting tool

Operation Global III Ransomware decrypting tool

Ozozalocker ranomware decryptor

PClock decrypting tool

Petya decrypting tool + alternative

Philadelphia decrypting tool

PizzaCrypts decrypting tool

Pletor decrypting tool (decrypted by the Rakhni Decryptor)

Pompous decrypting tool

PowerWare / PoshCoder decrypting tool

Popcorn Ransom decrypting tool

Radamant decrypting tool

Rakhni decrypting tool

Rannoh decrypting tool

Rector decrypting tool

Rotor decrypting tool (decrypted by the Rakhni Decryptor)

Scraper decrypting tool

Shade / Troldesh decrypting tool + alternative

SNSLocker decrypting tool

Stampado decrypting tool + alternative

SZFlocker decrypting tool

Teamxrat / Xpan decryption tool

TeleCrypt decrypting tool (additional details)

TeslaCrypt decrypting tool + alternative 1 + alternative 2

Thanatos decryption tool

TorrentLocker decrypting tool

Umbrecrypt decrypting tool

Wildfire decrypting tool + alternative

WannaCry decryption tool + Guide

XData Ransom decryption tool

XORBAT decrypting tool

XORIST decrypting tool + alternative
MoneroPay Ransomware decrypting tool

Explanation on ransomware families and tools for decryption

As you may have noticed, some of these ransomware decryption tools work for multiple ransomware families, while certain strains have more than one solution (although this is rarely the case).

From a practical perspective, some of the decryptors are easy to use, but some require some technical know-how. As much as we’d want this process to be easier, it doesn’t always happen.

No matter how much work and time researchers put into reverse engineering cryptoware, the truth is that we’ll never have a solution to all of these infections. It would take an army of cyber security specialists working around the clock to get something like this done.

This list of #ransomware decryption tools could help you get your data back for free:

CLICK TO TWEET

How to avoid ransomware in the future

Being pragmatic doesn’t mean adopting a pessimistic outlook. In fact, if you apply the simple steps we outlined in the anti-ransomware security plan, you can avoid this kind of attacks and the need to use ransomware decryption tools to recover your data.

Even if cyber criminals do manage to infect your PC, you can just wipe the system clean and restore your latest backup. No money lost and, most importantly, no important information compromised! So, please, please back up your data. Not tomorrow, not this weekend, not next week. Do it today!

I hope that it will solve some of your ransomware-related problems. Moreover, please think about sharing the simple principle of proactive protection with your friends and family. It could spare them the negative experience of being a cyber attack victim.

As new types of ransomware emerge, researchers decrypt some strains and others get new variants. There are tens or hundreds of them. Just like in a cat and mouse game, the chase never stops.

If this graphic would be filled out with the discoveries until 2018, you’d need a bigger screen (possibly 3) to see this.

ransomware discoveries CERT RO 3 1

Source: CERT-RO

Believe it or not, there is a silver lining to ransomware’s popularity: the quality of the malicious code is steadily decreasing. As a result, cyber security specialists can crack the code faster. This gives ransomware victims a change to retrieve their data without further funding attackers.

Unfortunately, low quality ransomware also endangers the affected data: one error in the code and it can all be erased instead of encrypted. But that’s a story for another time.

Quick checklist for ransomware protection

Instead, take the time see how to avoid ransomware attacks with this essential sheet. How many check marks can you score?

your anti ransomware checklist petya 1

This article was originally published by Andra Zaharia on October 5th, 2016 and was updated by Ana Dascalescu on January 18th, 2017.

What is Ransomware
2017.05.15 SLOW READ

What is Ransomware – 15 Easy Steps To Protect Your System [Updated]

The Anti-Ransomware Protection Plan
2016.05.24 SLOW READ

The Anti-Ransomware Protection Plan You Need to Follow Today

ransomware-distribution-in-companies
2016.04.01 QUICK READ

Ransomware Distribution: How One Infection Can Go Network-Wide

Comments

HI
we have been hit by .divine Files
3 backups where also hit one is 1/2 ok is there any chance of encrypting the rest

Hello Caroline! So sorry to hear this! We don’t know about a decryption tool available, but you can check out this guide: https://www.2-spyware.com/remove-everbe-2-0-ransomware.html. As a quick reminder, we strongly recommend not to pay the ransom and try an anti-malware solution. Hope this helps!

I have a GANDCRAB V5.0.3 ransomware and the file extension is .encrypted and have the extension: .COGEPBADVJ. Please help

GANDCRAB V5.0.3
COGEPBADVJ-DECRYPT

Please help all my files are renamed to COGEPBADVJ file type but with the original name and size. I even reinstalled windows but nothing change.

I have a KRAKEN ENCRYPTED ransomware and the file extension is .SZLPU so I guess this is a new ransomware and I tried to search it on the internet and nothing found, hope that it will have a decryptor someday my files are very important, It asked me to pay 0.75 Bitcoin

I was hit with something that left everything with an extension of crypted000007 and when I try to find out what it is none of the suggested sites give me an accurate answer. One tell me its the Troldesh Shade ransomeware but when I get a decrpytor for it it doesn’t work.
Please help me.

I was hit with something that left everything with an extension of crypted000007 and when I try to find out what it is none of the suggested sites give me an accurate answer. One tell me its the Troldesh Shade ransomeware but when I get a decrpytor for it it doesn’t work.
Please help me.

We have been hit by divine ransomware. can you please suggest us any decryptor for .divine extension

You can compress the sample and send via gmail maytinhcn to support decoding

Hi,
What can I do for .gamma type of attack? Is there any solution for the same?

Regards

Did you find .gamma decryptor?

Hi there! Thank you for reaching out! We don’t know about decryptor available for this type of ransomware, but you can check out this guide: https://www.2-spyware.com/remove-gamma-ransomware.html, maybe it can help you.

any solution for combo ransomeware

id-30D21504.[cerys.stone2@aol.com].combo

Hi I may be able to help. email me Jason at scoltock. com

Potrzebuję pomocy. Wszystkie pliki z rozszerzeniem *.combo :((((

my pc have .krab virus can you suggest a free decryptor or no registration codes are needed to recover my files from .krab virus. TIA ..

Hello, Darwin! Thanks for reaching out! I am so sorry to hear that! You’ve probably been infected with GandCrab V4 ransomware which has this new .krab extension. Unfortunately, we don’t know or any decryptor available, but this article could be useful: https://www.2-spyware.com/remove-gandcrab-v4-ransomware.html Thank you and remember to patch your apps and OS frequently. Stay safe!

Fomos atacados pelo rans com a extensão arquivo.id-626E14C4.[buydecrypt@qq.com].bip . Será que tem como reverter? Não tenho backup desses arquivos.

Hello
tell me please than you can decode files .combo

I Need Decrptor for .combo file extension

plz help

Hi there! Unfortunately, we don’t know of any decryptor available, but maybe this forum could help: https://www.bleepingcomputer.com/forums/t/682694/encrypted-combo-files/ Thanks!

Roger Vázquez López on September 12, 2018 at 9:50 pm

Hello. Dou you have decrypter tool for Fastbob

Hi,
Do you have any solution to decrypt this kind of file [buydecrypt@qq.com].bip ?
What about Heimdal PRO ?
Thanks for your reply
Alain

Hello, Alain! Thank you for reaching out! If you need to decrypt. bip files, it might help to check out these resources: https://sensorstechforum.com/bip-files-virus-dharma-ransomware-remove-restore-files/ plus https://www.2-spyware.com/remove-bip-file-extension-virus.html . Heimdal PRO is now called Thor Foresight and decryption services are not included,but it is available for those who have the corporate version included. Please let me know if I can help with anything else, and feel free to contact our support team at support@heimdalsecurity.com

Hi,

We just got hit with Lock Crypto 2.0. Has anyone figured out how to decrypt files that have been encrypted with this Ransomware?

Thanks,
Pat

Hello, Patrick! So sorry to hear you got hit by this type of ransomware. Hope this guide can help: https://www.2-spyware.com/remove-lockcrypt-2-0-ransomware.html

Hello, anyone know smt about .rapt extensions?

I am also a suffered person by ransome in 2017, it was my first time experience, before that I never had heard about it, after having a massage in my desktop screen I immediately format my system and that was a big mistake ever I done. My 10 years working effort spoiled for some creepy minded people. Till now I am in hope that one day I able to recover my all valuable data. Want your help to recover my file if there was any possibilities after format. The code which they have send is SPEy0oxc1mpzzb0cY-1BA4C2C55A5602F0

Hi
What can I do for .ionablas files.
Which tool should I use?
Thanks

Hello Ivan! Thank you for reaching out! Unfortunately, I have no information about these files with such extension (.ionablas) and didn’t find details about it, so I can’t recommend you a specific tool. However, I would recommend to run at least an antivirus product on your computer/devices and scan for suspicious (malicious) files. Also, make sure all your apps and operating system are up to date.

As known recently New Dharma Ransomware is under fast distribution and all important documents like (sql,mdf,log,pdf,doc,docx, xls,xlsx,dwg,mp3,mp4,mpeg,avi,jpg, bmp,vb) are encrypted with extensions (arrow, java, cesar, arena, bip or combo) and not usable/readable unfortunately. If you and one of your customers/friends are infected of this ransomware you could send 3-4 encrypted files (XLS, DOC, PDF or Photo File) to below email address, After checked your files, you will be informed within 1-2 days.

Email: mcerdem82@yahoo.com

Hi Chihan,

Have been able to retrieve PDF and XLS file through Seqrite team. Need help with DB files of SQL which are corrupted

I was hit by GandCrab v2 in April. I come back from time to time to check if there’s a decryptor avaible finally, but unfortunately no.

Will there ever be a decryptor for the ransom files “.CRAB”?

I have important documents waiting on my pc for months now, but I’m getting hopeless as time flows…

Hello! So sorry to hear that! Maybe you can find useful this step-by-step guide https://www.2-spyware.com/remove-gandcrab2-ransomware.html and you can recover your data. We strongly recommend not to pay the ransom.

hi, there is solution but you should pay, do you think to pay ?

Morning i have been infected with the .BIG_FILE
all repertories have the files ”how_to_back_files.html’
Can someone help to treat this?

Hi, do you have a deception for EVIL Ransomeware?
BA3533CB-E536-4724-B423-A5C9F85B049A.xml.[evil@cock.lu].EVIL

Hi, Please let us know if you have any decryptor available for the EVIL

Hi and thanks for reaching out! We don’t know about a decryptor tool available for this type of ransomware, but you may find useful this guide: https://sensorstechforum.com/evil-locker-ransomware-remove-restore/ Hope this helps.

I hope you all have a great week. I’ve added a new list. This is the biggest list so far.

Please help!!
my files was changed to “*.id-0AEB6B23.[help@badfail.info].bip”
please send me help me!

Hi, any solution??

Olá, alguma solução? Grato.

Just got hit with a variant of the same. Took out my home server and everything on it including connected backup drives =(
wp27939@email.vccs.edu (“*.id-0AEB6B23.[wp27939@email.vccs.edu].bip”)
What I have found so far…
Dharma (.dharma Family)
This ransomware is decryptable!
Identified by
ransomnote_bitcoin: 1Rb84lSGLVgKYC1oDCpa2ayfK1SqA
To decrypt files encrypted by the Dharma ransomware, you need to first download the RakhniDecryptor.

Hope it helps someone.

Update.. I was hit with this ransomware today.. not sure what happened to my previous reply.. anyhows..
https://www.bugsfighter.com/remove-bip-ransomware-and-decrypt-bip-files/
Bip Ransomware

.id-{id}.[restoresales@airmail.cc].bip
.id-{id}.[beamsell@qq.com].bip
.id-{id}.[298347823@tuta.io].bip
.id-{id}.[return24data@cock.li].bip

If it helps =)

Hello, Alex! I am so sorry to hear about this! Thanks for sharing it with us! Make sure you use an antivirus software or enhance your online protection with a proactive cybersecurity software product. Stay safe!

i can help you, please send me 3-4 encrypted files in order to i can check (mcerdem82@yahoo.com)

PLZ Help My PC
CRAB.406812600.ransomed@india
All Data Encrupt PLZ Decrupt Data Soft PLZ Send My Email
mediavisionswl@gmail.com

2289540204.ransomed@india.com this is virus.
how can I repair my file?

Hi is there any decyptor for .arrow files. Windows defender detected it as a ‘WaDharmar’.?

hi, i can help you for your arrow files, but you should pay, let me know if you are interested in my service or not. (mcerdem82@yahoo.com)

It is any tool for making “bruteforcing” key for decrypti a ransome?

Taylor Rutherford on April 13, 2018 at 4:42 pm

We have been hit by ransomware that encrypted with file extension .waiting. Is there a program to decrypt? We used another install for rahkni which gave us a key, but we can’t use it. We can’t find the name of our ransomware anywhere.

I have been hit by this ransomware as well. On alternate sites, some have mentioned it could be a new version of STOP ransomware. Not sure if any decrypters exist?

Hi!

I have infected by CRY36 with extension .damage

Any new to decrytp this? Regards

Hello, Cesar! Sorry to hearing that! We don’t know about a decryption tool available for this type of ransomware, but please have a look at these links and see if they can help you: https://www.kasperskyclub.com/support/question/10 + https://howtoremove.guide/cry36-ransomware-remove/ + https://www.2-viruses.com/remove-cry36-losers-virus Thanks and stay safe!

Any decryption tools for .helpers@cock.li?

i have same problem with u,, do u have answer?

Hi,
Infected file link: http://www.eurosoft-download.co.uk/Support/BCabDatabase.rar
If is there any tool by which I can decrypt ransomware .rapid extension file then reply back please, I shall be very thankful to you

Hello! So sorry to hear that! Unfortunately, we don’t know about a decryption tool available to unlock your data. However, I recommend reading this guide from here: https://www.2-spyware.com/remove-rapid-ransomware.html and see how it can help. Also, you may find useful this one: https://www.experts-exchange.com/questions/29084006/Has-anyone-found-a-decryptor-for-ransomware-rapid.html Thanks and stay safe!

hi naveed bhai i have infected by cryston ransomwear with extention .damage .
please can you have any other tool for this virus remove it.

Hey Andra, is there any decryption tool for .sage file ransomware? 🙁

Hi Blair! So sorry to hear that! We are not aware of any decryption tool for sage ransomware, but you may want to have a look at this guide and see if it can help to recover your data: https://www.2-spyware.com/remove-sage-ransomware-virus.html Stau safe and hope you’ll get your data back!

Estou enfrentando um problema com arquivos .obama de repente todos os arquivos convertidos em extensão .obama

hi,

have been infected with ransomware which has encrypted my data files to extention *.qqcrypt i.e. abc.txt has been converted to abc.txt.qqcrypt

Kindly let me know if you have any information on this ransomware and also for any decryptor tools for the same.

Thanking you in anticipation.

Files on my network drives were recently encrypted by ransomware with extension .2018. This seems to be a new thread and I was wondering if there is a decrypting tool out there for it.

See sample:
GgZNVCJbSwVxVioMbgxrJXRQMEtEJDMBBGNhMFFVaVh8JBc7Y0R6JSAxfVYJT3s6NkYRSxAobSw2HTIlY0t9H0MGbCoDORtgCjwWAjM6SkJDYg== ID 24LALL4FWGHEVTRR.2018

Hello, Edem! I am sorry to hear that! We don’t have information about a decryption tool, but we can investigate it. Could you please provide us more details? It would help if you could send us a screenshot of the files encrypted and the ransom note. Please send these details to corpsupport@heimdalsecurity.com and our technical team will try to find out more. Thank you!

You guys have been so great at responding! I was hit with a Ransomware virus that converts your files to something like: apzyalaz.locked and leaves the file,
“[HOW_TO_DECRYPT_FILES].html”

I’ve heard it called the LockeR ransomware. I have copies of an encrypted and unencrypted file. Would you be able to help me decrypt it? THANK you in advance for any help or replies!

Hi Jesse. So sorry to hear that you’ve been infected with ransomware! Here you can find helpful information about the Locker ransomware https://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-31#entry3721545 Also, we have a dedicated article on decryption tools: https://heimdalsecurity.com/blog/ransomware-decryption-tools/ Hope it helps! Stay safe!

i am infected by dharma ransomware (.java). is there any decrypt tools available ?

Hello! I’m so sorry to hear that! We’ve updated our article on ransomware decryption tools and you’ll find info on how to decrypt this one too. Hope it helps and stay safe! https://heimdalsecurity.com/blog/ransomware-decryption-tools/

Hi Ana,

Great article 🙂 Congratulations!
I just read about another tool, and probably interest in adding here. Check it out:
Decryptor for MoneroPay Ransomware – https://nioguard.blogspot.com.br/2018/02/decryptor-for-moneropay-ransomware.html

Hi Amitay and thanks for the appreciation. Indeed, a great tool for the MoneroPay Ransomware, I’ll add it to the list. Cheers!

This is so well explained for computer novices. A great post that I found interesting and I am an IT expert.

Many thanks for your feedback, John! Happy to know this article was useful. You can also find helpful our free online educational resources: https://heimdalsecurity.com/security-education-resources

hi john
i am infecte by crypton ransomwear with extention please you hane any other tool remove this virus

Just use Qubes OS and ditch windows and live your life. Problem solved! If I need to believe you al than here on Xp I have and entire store of ransom, malware, ect.. You all need to stop with this because this is not fun anymore. You need to now your pc in and out and fir the best is Windows 7 if you stay on Windows. Windows 10 is crapware and will die out and just follow the reactions on Ghakcs when there is a article of W10. These people are an example that know more then the laypeople and the most of them discard W10 because it’s crapware.

Redirecting the link for “malware removal forums” to the recent article on blogs makes no sense as they cannot and do not help with removal of ransomware.

Additionally, redirecting the original “32 Go-To Security Forums for Free Malware Removal Help” dated March 5, 2015, also doesn’t make sense since blogs do not help with malware removal.

Hi Corinne, thanks for the input, we fixed the redirection. Those forums and blogs contain a lot of valuable information on malware and, indeed, ransomware cases. Cheers!

hai, im doing a research about ransomware classification based on signature approach for my final year project. any suggestion on how i can classify ransomware ? i really need help. Thank you

Hi Camely and thank you for your message. I would recommend reading our article on ransomware https://heimdalsecurity.com/blog/what-is-ransomware-protection/ where you’ll find useful info on the most notorious ransomware families. Hope this helps and good luck with your research and final year project.

thanks for sharing blog i love this blog and learned a lot form this…
http://antivirus-support.net/for-avg-support.php

Hi, Andra….
We’ve facing problem with frogo_Ransomware which infected my files.
my file encrypted by that virus and unable to open.
Did you familiar with this kind of Ransomware ?

Regards,
Dedi Supriadi – +62 85287838484

Hi Andra can i get a decryption tool for Nemesis Ransomware.

Hi. please help me for decrypt files those encrypt with MOLE ransomware.
Thanks

hi, i can help you for your MOLE files, but you should pay, let me know if you are interested in my service or not. (mcerdem82@yahoo.com)

Essam Al-Moraissi on May 19, 2017 at 2:53 pm

I have infected with ransomware and all my files are become locked with MOLE extension. I have used most of decryptor tool but without benefits.

Please help me

hi, i can help you for your MOLE files, but you should pay, let me know if you are interested in my service or not. (mcerdem82@yahoo.com)

is there any tools to decrypt .xcrypt extension files

Is there any way to decrypt my files they are encypted by ransomeware virus.
it affects all my .jpeg .mp4 and all important file by .xcrypt extension

Hello Andra, do you have any file fix for .MOLE extension thank you 🙂

Leaton G. Johnson on May 16, 2017 at 1:39 am

Is there any help for files that were corrupted with the cryptodefense malware after April 1st, 2014? The tools for before April 1st 2014 do not work for my files.

Hey Andra,
Thanks for the information, I’ve few pc’s infected with .Osiris extension is there any decryptor for it?
Thanks

Hi Tahir! Unfortunately, .osiris is an extension used by Locky ransomware, which is impossible to decrypt at this point. Sorry we can’t help.

Hello Andra
Need help with my server, all files have been encrypted wit shnell ransomware there by shutting down all services even basic administrative tools can not be accessed.
please advice

Hello Isaac,

So sorry to hear about your situation, but there isn’t much we can do about this, given we don’t have a decryption tool for it in our list. Maybe you can try the Crypto Sheriff tool to find out if it is a known strain and come back to the list to check for potential fixes: https://www.nomoreransom.org/crypto-sheriff.php Best of luck!

Hi
What can I do for shnell ransomeware
Which tool should I use?
Thanks

Hi,
Is there any way to decrypt my files they are encypted by RAAS ransomeware.
it affects all my .jpeg .mp4 and all important file just lefting few like .gz and .exe

Hi Abhi,

So sorry to hear that, but we can’t help, I’m afraid. Unfortunately, there’s no way to decrypt it yet.

I am facing problem with .wallet files suddenly all files converted into .wallet extension.

kindly help me what i suppose to do.

Hi Ali,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Hello Ali,

A few days ago, the Dharma ransomware was decrypted and a decryption tool has appeared. You can access it here: https://www.nomoreransom.org/decryption-tools.html

anything you can do for this
! ! IMPORTANT INFORMATION ‘l I
Allcof, your files are encrypted with RSA-2048 and AES-1285ciphers.
More information about the RSA andeAES can e be found here:
(cryptosystem) czbchttp://eLÄ!<.pedie-ægLyiki/Adyanced
Decrypting of your files isbonly possible withdthe privateA<ey and decryptdprogram, which isöon *our secret server.
Todreceive youraprivateEkey follow one of the links :
If all ravailable, follow*hesedsteps:
1. Download and installeTor Browser:
: / html
2. 4fter a successfulæinstallation, run the and wait fom initialization.
cddb3.eTypeeinothe address bar: g46mbrrzpfszonuk.onion/1CUZ3X6WQQATGH7U 4 : Followbthecinstructions oncthe site.
! ! ! e Your?personal identification ID: ICUZ3X6WQQATGH7U ! ! !

Hi Michael,

Sorry about your issue, but there isn’t much we can do about this, given we don’t know which strain you got infected with. Maybe you can try the Crypto Sheriff tool to find out what it is: https://www.nomoreransom.org/crypto-sheriff.php

Is there any decryptor for .wnrozba files? mY computer is infected

How to decrypt spora ransomware .It came with .HTA file In windows its acts as google chrome HTML file and now it just corrupt all excel and word files.There is no any dedicated extension of this ransomware. All word files and excel files are in their default extension that is xlsx and docx.

Hi Kawal!

Unfortunately, there is no way to decrypt Spora ransomware infected files for free at the moment.

wallet file decrypter ?

Hi Atish,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Hello Atish,

A few days ago, the Dharma ransomware was decrypted and a decryption tool has appeared. You can access it here: https://www.nomoreransom.org/decryption-tools.html

is there any tool to decrypt .wcry files which because virus

Hi there!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Hi…
My files are encrypted by 84E0…
Is there any tool…

Hello,
Is there any decryptor for x3m ransomware?

For the moment, there is no decryption tool for this type of ransomware.

Hello,
I have infected files .crypto shield.
I need help.
What is the recommended tool to decrypt?

Hi Robert!

For the moment, there is no way to currently decrypt files encrypted by CryptoShield for free. Also, a newer version (2.0) has emerged last week, which is also impossible to decrypt currently. Sorry for the bad news.

Hello,
I have infected files .cryptoshield.
What program you can decode them?
Thank you in advance for the information.

Al my files have .b76a in it. Is there anything that can decrypt all of my files??

Hi Roger!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Hi ! I have lot of files (excel and pdf) infected by dharma, any decription tool available?
Thanks, Alba

Nothing for .Osiris then?

my files got locked with the extension.ba22. i need help please

Hi Henry, unfortunately, we don’t have information on that particular extension. However, you can use this tool to find out what type of ransomware you’ve been infected with, so you can find potential solutions to decrypt it: https://www.nomoreransom.org/crypto-sheriff.php

Hello Andra,

I have many jpgs and video files which I backed up from a memory card I used on a Blackberry long time ago.
This device was stolen, and most part of the files are on the .rem RIM’s extension.
My question is: is told that just the original device which encrypted the original file can open and decrypt it; files saved/backed up from the original memory cards cannot be read on Macs/PCs.
Is there any software that could do this job in my case, as I had it stolen a long time ago on the airport?
Best.

Hi Danilo! I’m afraid you’re going to have to ask Blackberry for help here, because I can’t provide support for other products than our own. Sorry and best of luck! I really hope you get your data back safe and sound.

Hi, I had been hit by a virus that change all my files extension to .wallet which Decryption Tools is recommended?

Hi Richard,

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

my word and excel file got .sage extension,kindly suggest the appropriate toll

me to i got the same problem with my word and winrar files please tell me what to do or the tool i need

Good night do you know if there is any tool to decrypt ransomware with the “shit” extension? i think it belongs to locky family thank you!

Hi,

I have an awesome .merry file extension. 🙂 This is a massive Ransomware. I’m looking for decryptor for it.
Do you have any idea?

Thank you

Hi Steve!

Luckily, there’s a tool to decrypt it: https://decrypter.emsisoft.com/mrcr

We’ve also added it to the list. I hope you get your files back soon and safely!

Do you know what ransomware is k2p and k23p? I cannot find anywhere on the internet, it seems to be Globe but Globe2 doesn’t work…

Hi Ben!

For the moment we cannot confirm the strain without looking at it, but you can use Crypto Sheriff to find out: https://www.nomoreransom.org/crypto-sheriff.php

Does anyone know of a decrypter for ransomeware .aes256 extension? Absolutely killing me.

same problem here!

can you please provide help for jigsaw ransomware or provide any toll

The decryption tools list includes a decryptor for Jigsaw. You can find the link in the article.

Any one can help me to recover .wallet extension files

Hi there! Unfortunately, there is no decryption tool for Dharma ransomware.

HI MY SERVER HARD DRIVE ENCRYPTED USED DISKCRYPTOR TOOL FROM HACKERS ANY SOLUTION?

Hello! Sorry, but we don’t offer assistance with ransomware decryption. Malware-removal support is only available for Heimdal CORP customers. I hope you find a way to get your data back safe and sound!

Sidharaj Sinh Jadeja on January 3, 2017 at 3:17 pm

Hi
my external HDD as effected ransom-ware
Its showing .bb1a
you can suggest any tool for this
Please replay.
Regards

Bat-Erdene Chuluunbat on January 1, 2017 at 6:02 pm

I have attacked .wallet ransomwere on my company server on Dec 25, 2016. Bad thing is backup also infected. I’m in big trouble can’t eat and sleep may lose my job. I contact with those criminals they required 5 bit coins it is equal to 4000$ that is too much i can’t pay it. If have anything about .wallet please help me.

So sorry to hear that, but we can’t help, I’m afraid. Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

lulz…..I hope you make more than $4000. If you only have one backup, you may deserve to lose your job.

Any about .Wallet?
The files have a name, xmen_xmen [@] aol. com
e.g, Filename.pdf.[xmen_xmen@aol.com].wallet
Remote case in Costa Rica from 23-Dec-16

Hi Tames! Dharma ransomware uses the .wallet extension, but, unfortunately, there’s no way to decrypt it yet.

Thanks for replay, any news let me know!

Hello . Pls my blackberry device got infected by a malware with file extension .rem is there any decryptor to get me off the hook ?

Hi Charles! I’m happy to say that your Blackberry has not been affected with ransomware. In fact, .rem is an extension that shows that your files have been encrypted and are safe. In this case, we’re talking about non-malicious encryption used by Blackberry to secure your data. More info here: http://www.openthefile.net/extension/rem

what about .90f1

I can’t associate that extension with anything, Francesco. Maybe you can try the Crypto Sheriff tool to find out what it is: https://www.nomoreransom.org/crypto-sheriff.php

hi ,
there any decryption tool lavandos@dr.com.wallet

what about .b53c?

If it’s not on the list, I’m afraid there’s no solution for it yet.

.9788 in pictures , music , documents

Sorry, no news on that yet.

Are there any experiences with paying the ransom? Will they un-encrypt your files and just go away? Or will that lead to more demands?

Cyber security experts, the Europol, the FBI and many more authorities and specialists advise to never pay up. There is no guarantee that you’ll get your data back or that the decryption key will work. There are cases where the ransomware is poorly coded and can’t be decrypted, even with the correct key, because the encryption went badly. Also, paying the ransom will just feed the malware economy and enable cybercriminals to continue attacking people and companies all over the world.

Hi,
What can I do for .b727 type of attack.
is there any solution for the same?
Regards

Unfortunately, Sigit, this seems like a new strain of ransomware and there is no decryptor available for it yet.

Jhonathan Bastidas on December 7, 2016 at 2:23 am

.thor?

Jhonathan, this is actually a new extension Locky started to use, and, unfortunately, Locky hasn’t been cracked yet. I’m sorry we can’t help.

Hi,
What can I do for .zzzz type of attack.
is there any solution for the same?
Regards

Unfortunately, Priya, there is no decryptor available for this type of ransomware yet.

Hi Andra ,

Could you please help me to in decryption process for my files infected with Ransomware v.5.0
I don’t know what is that but it damaged my word, excel, pdf and jpeg files 🙁

Regards,

Unfortunately, Mohamed, we do not offer assistance for individual cases. Asides from the tools available here, we don’t have anything else that can help. I’m sorry about your situation.

i
What can I do for .a2df files.

I don’t know of any tools that can decrypt this ransomware, Danush. I’m sorry.

Is there a tool for ZAAEBZM?

.8df4 Cerber any tools to remove this.

There are not decryption tools for Cerber yet, sorry.

Hi Andra,

Firstly thank you for this great post.

I was attacked with CrptoLocker Ransomware on 15th Oct. Please let me know as and when you come across a decrypter tool for the same.

Thanks a lot
-Harsha

Hi there! Sorry to hear about your issues. There is no decryption tool available for Cryptolocker yet. It’s one of the oldest and strongest ransomware families, so it’s unlikely that it’ll be decrypted anytime soon.

Thanks a lot for the reply Andra! I shall wait!

hi, what is the extension of your encrypted files ?

Hi Cihen,

Sorry for the late reply.

No change in the file extension. The files are in their usual extension.

Thank You
Harsha

Hi andra,

do you have any tool to decrypt cyber ransome infections

Hi
my external HDD as effected ransom-ware
Its showing .zendr4
you can suggest any tool for this
Please replay.
Regards

Hi Noufal!

If it’s not on the list yet, it probably doesn’t have a decryptor. But I hope one will appear soon. So sorry to hear about your issue.

Any dycrypter for Cerber 4 I was hit last week shortly after this came out I have run numerous spyware malware & AV packages on my machine and moved all files to separate drive and locked away until such time as a solution arrives

Any tools discovered for ZEPTO?

Not that we know of. Sorry, Bob. We’ll update as soon as something reliable comes up.

Hi
What can I do for .afa8 files.
Which tool should I use?
Thanks

Hi there! Unfortunately, we have no knowledge at this point about a ransomware strain that turns files into .afa8. We’ll keep you posted if we do. Sorry to hear about your troubles.

Great blog, keep going. Lot of learning everyday from this blog.

Thanks a bunch for your feedback, Ajay! We promise to keep it up.

Frederik Bechmann on October 6, 2016 at 2:04 pm

Congrats on the new blog layout, Andra.

Quality content needs a quality frame 😉

Thank you so much, Frederik! It was a team effort and I’m really glad you enjoy it.

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP
Thor Premium Image

It's finally possible to have total, next-gen security against ransomware, malware and other threats.

Discover Thor Premium Home
and take advantage of the one-time deal.

Buy now Only

200

licenses left!