Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Decrypt Files Encrypted by Ransomware Viruses Part 4

And here we are again in 2017. With the rise of ransomware viruses, more and more malware researchers from EmsiSoft, Kaspersky, Avast and BleepingComputer join their efforts to create decryptors for those ransomware viruses who failed at being impenetrable. We have decided to sum up all the decryptable ransomware viurses so far with the hope they will be reachable to more people. Below, we have also linked the other parts of these series of articles.

Decrypt Files Encrypted by Ransomware Viruses Part 1
Decrypt Files Encrypted by Ransomware Viruses Part 2
Decrypt Files Encrypted by Ransomware Viruses Part 3

Fake Cerber Ransomware

Being an imitator of one of the most notorious ransomware viruses ever to come out, the fake Cerber virus used the same wallpaper and even had a similar ransom note. It’s weakness however is that it was an EDA2 ransomware variant, which is not difficult to decrypt by researchers. Here is more information and decryption instructions:

Remove Fake Cerber Ransomware and Decrypt Encrypted Files

The “.L0CKED” File Virus

Little was known about this ransomware initially, but this was because it was not very popular. Few days after being discovered it was deemed to be a part of the many ransomware variants in the EDA2 family. Decryption instructions below:

.L0CKED File Virus (Decrypt Files)

DeriaLock Ransomware

Being part of the Lockscreen type of ransomware viruses that deny access to the whole system, this virus was reverse engineered later on and a password for it was found. All you have to do is to follow these instructions to unlock your PC:

DeriaLock Virus Remove and Unlock Locked Screen

UltraDeCrypter 2016 Ransomware

This ransomware virus was rather big and massive in terms of the fuss it generated when it was released. It is one of the “nicest” ransom viruses out there that wish Merry Christmas to victims. Fortunatly, being a part of the Cryp1 and CryptXXX viruses this one was also decryptable, as a Christmas gift. Instructions and more info can be found below:

UltraDeCrypter Virus – Decrypt Files for Free

Globe v3 Ransomware

This virus is very interesting, primarily because it came out in so many variants, that researchers have lost count. The first of the updated Globe variants used the .decrypt2017 and .hnumkhotep extensions and the 3rd version of Globe was initially thought to be a major improvement. With time however, a decryptor was eventually developed for the virus, by well-recognized in this field TrendMicro researchers. Instructions, we have provided below:

Decrypt Files Encrypted by Globe3 Ransomware

Comrade Circle’s .encrypted4 File Virus Variant

The “communist propaganda” virus came out in a second iteration which was eventually decrypted. Interestingly enough, this virus offered users to become a part of the ransomware project, even promising them dividents. Well, I guess this is a failed affiliate campaign. Instructions for decryption can be found below:

Comrade Circle Virus – Remove and Decrypt .encrypted4 Files

Marlboro .oops Ransomware

This virus has been reported to be encrypting files with the .oops file extension. Fortunately for the users, the cyber-criminals have made an ‘.oops’ when creating the encryption code. Malware analysts from EmsiSoft have created a decryption tool that works with this ransomware without a hic up. Here is the web link for instructions:

Decrypt .Oops Files Encrypted by Marlboro Ransomware

Merry Christmas Ransomware

Also being a Trojan horse that steals the files on the computer, this virus used multiple file extensions – .PEGS1, .MRCR1, .RARE1 and RMCM1. Having an evil Santa and a bomb, this virus was surely intimidating. However, it was also decrypted and instructions can be found in the green box below:

Decrypt Files Encrypted by Merry Christmas Ransomware

Alcatraz Locker Ransomware

Encrypting the files with an added .Alcatraz file extension to them, this virus was also widespread until researchers from Avast shut it down fairly quickly, resulting in it’s successful decryption. Instructions can be located below:

Decrypt Files Encrypted by .Alcatraz Locker

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.