Decrypt Files Encrypted by Merry Christmas Ransomware - How to, Technology and PC Security Forum | SensorsTechForum.com

Decrypt Files Encrypted by Merry Christmas Ransomware

This article aims to help you decrypt files encrypted by the Merry Christmas virus with the following file extensions: .PEGS1, .MRCR1, .RARE1 or .RMCM1.

Merry Christmas ransomware hit us around 3rd of December last year and ever since then, the virus has been infecting unsuspecting users via spam e-mails. What this particular ransomware does is it takes advantage of unexperienced users and applies encryption on their computers to extort them for their files. The victims of both versions of the virus were asked to pay a hefty sum to get their files back. However, those who did not pay can now successfully restore their files for free, using the below-stated decryption and removal instructions.

Disclaimer! Make sure to backup your files in multiple copies before beginning this procedure because if the decryption is unsuccessful, they may be damaged.

Merry Christmas Ransomware – Removal

First, before begging to decrypt your files, it is very important to try and remove the virus. One method to do it is if you follow the manual decryption instructions below. However, bear in mind that experts strongly advise using and advanced anti-malware software to remove everything associated with Merry Christmas permanently.

Manually delete Merry Christmas Ransomware from your computer

Note! Substantial notification about the Merry Christmas Ransomware threat: Manual removal of Merry Christmas Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Merry Christmas Ransomware files and objects
2.Find malicious files created by Merry Christmas Ransomware on your PC

Automatically remove Merry Christmas Ransomware by downloading an advanced anti-malware program

1. Remove Merry Christmas Ransomware with SpyHunter Anti-Malware Tool and back up your data

Merry Christmas Ransomware – Decryption Instructions

After having removed the Merry Christmas threat from your computer, you should follow these instructions to get your files back:

Step 1: Download Merry ChristmasFree Decryptor from this web page and save it on your computer.

Step 2: Copy the following files into a new folder:

  • decrypt_MRCR.exe
  • One encrypted picture.
  • The decrypted variant of the encrypted picture.

In case you do not have any original variants of encrypted pictures, please, make sure to use the default Windows pictures from another Windows PC. They are usually located in:

For newer Windows (8, 8.1, 10):
C:\Windows\Web\Wallpaper
For Windows 7 and earlier:
C:\Users\Public\Pictures
C:\Users\{Username}\Pictures

Step 2: Drag an encrypted and original files on the Merry Christmas decrypter, just like the GIF below demonstrates:

fenixlocker-decrypt-gif-sensorstechforum-ransowmare-com

Step 3: After the files are dropped, you should see a pop-up similar to the following:

2-decryption-key-found-fenixcrypter-sensorstechforum

Press OK to continue.

Step 4: After this, the primary interface of the decryptor will show:

philadelphia-stampado-ransomware-decrypt-sensorstechforum

From there choose the folders you wish to decrypt and click on the Decrypt button.

After decryption, the files should be saved in the same location where they were initially encrypted. You also have the option to choose whether to keep or discard the encrypted version of the files.

Merry Christmas Ransomware – What to Do After Decryption

In case you have been attacked by Merry Christmas ransomware, you are a lucky individual. But bear in mind that it is never too late to implement the necessary protection precautions and learn how to safely store your data and protect it from ransomware and other malware in the future.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

4 Comments

  1. Mike Stanley

    What do we do if I have no original files left? I have no unencrypted original files that are the same as the encrypted ones to drag onto the decryptor.

    Reply
    1. Vencislav Krustev

      Hey Mike, please try to find original Windows files from the same version of Windows on another PC. They are usually the same for everyone. The wallpapers are the easiest to find.

      %SystemRoot%(system32)WebWallpaper
      %APPDATA%IrfanviewIrfanview_Wallpaper.bmp

      Reply
      1. Vencislav Krustev

        You can also check the red box in the article above : )

        Reply
  2. Teodor Chirileanu

    What if the virus was so smart that it only encrypted just a couple of my documents, while leaving the others untouched? For example none of my photos are encrypted. How can I still get my files back? (I really need them)

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.