Shortly after the Philadelphia ransomware virus came out, malware researchers released a decryptor for it. When it was first spotted, the ransomware was being sold for $400 on the black market. The page advertising the virus described it as a very sophisticated threat. However, researchers were convinced that the virus was not impenetrable, and they have now proven it by creating a free decryptor. Anyone who has been infected by the Philadelphia virus should follow the instructions in this article to remove Philadelphia Ransomware and decrypt the files it has enciphered.
Philadelphia Ransomware – Quick Background
This ransomware virus was first detected on deep web markets, and researchers have also identified how it spreads. The Philadelphia ransomware uses a fake governmental notice that pretends to be a scanned document from the financial ministry of Brazil. This suggests that the virus may be spread in Portuguese-speaking countries. The Philadelphia ransomware also attacks a wide variety of file types, which it renders unopenable:
After encrypting users' files, Philadelphia replaces their names entirely with random A-Z 0-9 names and changes the extension to .locked. Until now, users were left with no choice but to pay the ransom.
Furthermore, besides being one of the Stampado ransomware variants, Philadelphia uses a very interesting type of command and control server, which has a so-called “Give Mercy” button that unlocks the files for free.
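The renaming described above gives a way to take stock of affected files before running the decryptor. The following Python script is an added example, not part of the original article or of the decryptor: it walks a folder tree and separates .locked files whose names consist only of A-Z and 0-9 from other .locked files that need a manual look. The exact pattern, the function names and the sample file names are assumptions constructed from the description above.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: "random A-Z 0-9 names" means the whole base name is uppercase
# letters and digits; the page gives no name length, so none is enforced.
RENAMED = re.compile(r"[A-Z0-9]+\.locked")

def inventory(root):
    """Walk root and split *.locked files into pattern matches and others."""
    matches, others = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".locked"):
                continue
            path = os.path.join(dirpath, name)
            (matches if RENAMED.fullmatch(name) else others).append(path)
    return sorted(matches), sorted(others)

def per_directory(paths):
    """Count affected files per directory to show where encryption reached."""
    return Counter(os.path.dirname(p) for p in paths)

def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "Documents": ["7F3A9C01D2E4.locked", "B81E0044AAC9.locked", "notes.txt"],
        "Pictures": ["0C55D1F2E9A7.locked", "holiday.jpg"],
        "Projects": ["build.locked"],  # has the extension, not the naming
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        matches, others = inventory(root)
        for folder, count in sorted(per_directory(matches).items()):
            print(f"{count:4d}  {os.path.relpath(folder, root)}")
        print("other .locked files (review by hand):",
              [os.path.relpath(p, root) for p in others])
```

Point inventory() at a real user profile folder to get the same per-folder counts; the script only reads directory listings and does not modify any file.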
Philadelphia Ransomware – Removal and Decryption Instructions
Before deciphering your files with the tool created by Fabian Wosar, a researcher from Emsisoft, we strongly recommend removing Philadelphia first. One way to do this is by following these removal instructions