Shortly after the Philadelphia ransomware virus came out, a decryptor for it has been released by malware researchers. When it was spotted, the ransomware has been released for 400$ on the black market. The page advertising the virus outlined it as a very sophisticated threat. However researchers were convinced that the virus is not impenetrable, and now they have proven this, creating a free decryptor for the virus. Anyone who has been infected by the Philadelphia virus should follow the instructions in this article, remove Philadelphia Ransomware and decrypt files that have been enciphered by it.
Philadelphia Ransomware – Quick Background
This ransomware virus was first detected on the deep web markets and in addition to this, researchers detected how it spreads as well. The Philadelphia ransomware uses a fake governmental notice that pretends to be a scanned document from the financial ministry of Brazil. This immediately gives a hint that this virus may be spread onto Portuguese speaking countries. The Philadelphia ransomware also attacked a wide variety of file types that it rendered no longer openable:
After encrypting the files of users, Philadelphia completely changes their names with random A-Z 0-9 names and changes the extension to .locked. Users who were left with no choice but to pay the ransom until now.
Furthermore, Philadelphia ransomware besides being part of the Stampado ransomware variants, also uses a very interesting type off command and control server, having a so-called “Give Mercy” button that unlocks the files for free.
Philadelphia Ransomware – Removal and Decryption Instructions
Before deciphering your files with the tool, created by Fabian Wosar, a researcher from EmsiSoft, we strongly recommend removing Philadelphia first. One way to do this is by following these removal instructions
Manually delete Philadelphia from your computer
Note! Substantial notification about the Philadelphia threat: Manual removal of Philadelphia requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove Philadelphia by downloading an advanced anti-malware program
After you have removed Philadelphia ransomware, you might as well begin decrypting files. To do this follow the below-mentioned steps:
Step 1: Download Stampado Decrypter. Being a variant of the Stampado viruses, Philadelphia can be decrypted with EmsiSoft’s Stampado Decrypter. To download it for free, click on the button below and save it:
Step 2: Open the decrypter and choose which files to be decrypted. This can happen by either choosing the volumes on your hard drive (C:\; D:\) or by clicking on the Add Folder button to add your important folders so that the process is faster.
Step 3: Click on Decrypt and enter the e-mail address and your Identification number from your ransomware virus to help the decrypter set the variant and the decryption key for Philadelphia ransomware. After this is done, go back to the “Decrypter” tab and repeat the same process to start decrypting files.
Be patient, decryption may take some time. After every file is decrypted, you should see information about it on the decrypter.
Philadelphia Decryptor – Conclusion
After decrypting your files make sure you save them on an external drive and make more than one backup. For more professional approach on how to store your data safely, please check the following article: