Decrypt Files Encrypted by Philadelphia Ransomware

Shortly after the Philadelphia ransomware appeared, malware researchers released a decryptor for it. When it was first spotted, the ransomware was being sold for $400 on the black market, and the page advertising it described it as a very sophisticated threat. Researchers were nevertheless convinced that the virus was not impenetrable, and they have now proven it by creating a free decryptor. Anyone who has been infected by Philadelphia should follow the instructions in this article to remove the ransomware and decrypt the files it has enciphered.

Philadelphia Ransomware – Quick Background

This ransomware was first detected on deep web markets, and researchers have also determined how it spreads. Philadelphia uses a fake governmental notice that pretends to be a scanned document from the financial ministry of Brazil, which suggests the virus may be aimed at Portuguese-speaking countries. It attacks a wide variety of file types, rendering them unopenable:

→.7z;.asp;.avi;.bmp;.cad;.cdr;.doc;.docm;.docx;.gif;.html;.jpeg;.jpg;.mdb;.mov;.mp3;.mp4;.pdf;.php;.ppt;.pptx;.rar;.rtf;.sql;.str;.tiff;.txt;.wallet;.wma;.wmv;.xls;.xlsx;.zip

After encrypting a user's files, Philadelphia replaces their names with random names made of the characters A-Z and 0-9 and changes the extension to .locked. Until now, affected users were left with no choice but to pay the ransom.
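The renaming scheme described above is easy to search for. The following read-only Python script is an added example, not part of the original article or of EmsiSoft's tool: it counts files per folder whose names fit that scheme, which helps shortlist the folders to add in the decrypter. The name length is not stated in the article, so any length is assumed; the function names and the sample file names are constructed for illustration.

```python
import os
import re
import sys
import tempfile
from collections import Counter

# Assumption: the whole base name is uppercase A-Z / 0-9 (any length), as the
# article describes; only the ".locked" extension is matched case-insensitively.
LOCKED_NAME = re.compile(r"^[A-Z0-9]+\.(?i:locked)$")

def is_renamed(filename):
    """True if the file name fits the random-name + .locked scheme."""
    return LOCKED_NAME.match(filename) is not None

def scan(root):
    """Walk root without modifying anything; count matching files per folder."""
    hits = Counter()
    for folder, _dirs, files in os.walk(root):
        matched = sum(1 for name in files if is_renamed(name))
        if matched:
            hits[folder] = matched
    return hits

def report(root):
    """Return (folder, count) pairs, most affected folders first."""
    return sorted(scan(root).items(), key=lambda kv: (-kv[1], kv[0]))

def build_sample_tree(base):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "Documents": ["A1B2C3D4E5.locked", "ZZ9900XX.locked", "notes.txt"],
        "Pictures": ["7Q8W9E.LOCKED", "holiday.jpg"],
        # Neither of these fits the scheme, so this folder is not reported.
        "Other": ["door.locked", "report.locked.bak"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    if len(sys.argv) > 1:          # scan a real path given on the command line
        results = report(sys.argv[1])
    else:                          # otherwise demonstrate on the sample tree
        tmp = tempfile.mkdtemp()
        build_sample_tree(tmp)
        results = report(tmp)
    for folder, count in results:
        print(f"{count:6d}  {folder}")
```

A legitimate file whose name happens to be all uppercase letters and digits with a .locked extension would also be counted, so treat the output as a shortlist rather than proof of encryption.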

Furthermore, besides being one of the Stampado ransomware variants, Philadelphia uses a very interesting type of command and control server, which has a so-called “Give Mercy” button that unlocks the files for free.

Philadelphia Ransomware – Removal and Decryption Instructions

Before deciphering your files with the tool created by Fabian Wosar, a researcher at EmsiSoft, we strongly recommend removing Philadelphia first. One way to do this is by following these removal instructions:

Manually delete Philadelphia from your computer

Note! Important notice about the Philadelphia threat: manual removal of Philadelphia requires interfering with system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Philadelphia files and objects.
2. Find malicious files created by Philadelphia on your PC.
3. Fix registry entries created by Philadelphia on your PC.

Automatically remove Philadelphia by downloading an advanced anti-malware program

1. Remove Philadelphia with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Philadelphia in the future

After you have removed Philadelphia ransomware, you can begin decrypting your files. To do this, follow the steps below:

Step 1: Download Stampado Decrypter. Because Philadelphia is a variant of the Stampado viruses, files it has encrypted can be decrypted with EmsiSoft’s Stampado Decrypter. To download it for free, click on the button below and save it:


Step 2: Open the decrypter and choose which files to decrypt. You can either select whole volumes on your hard drive (C:\; D:\) or click the Add Folder button to add only your important folders, which makes the process faster.


Step 3: Click on Decrypt and enter the e-mail address and your Identification number from your ransomware virus to help the decrypter set the variant and the decryption key for Philadelphia ransomware. After this is done, go back to the “Decrypter” tab and repeat the same process to start decrypting files.

Be patient, decryption may take some time. After every file is decrypted, you should see information about it on the decrypter.

Philadelphia Decryptor – Conclusion

After decrypting your files, make sure you save them on an external drive and make more than one backup. For a more professional approach to storing your data safely, please check the following article:

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
