Decrypt Files Encrypted by Philadelphia Ransomware - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by Philadelphia Ransomware


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Philadelphia and other threats.
Threats such as Philadelphia may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

philadelphia-ransomware-decryptedShortly after the Philadelphia ransomware virus came out, a decryptor for it has been released by malware researchers. When it was spotted, the ransomware has been released for 400$ on the black market. The page advertising the virus outlined it as a very sophisticated threat. However researchers were convinced that the virus is not impenetrable, and now they have proven this, creating a free decryptor for the virus. Anyone who has been infected by the Philadelphia virus should follow the instructions in this article, remove Philadelphia Ransomware and decrypt files that have been enciphered by it.

Philadelphia Ransomware – Quick Background

This ransomware virus was first detected on the deep web markets and in addition to this, researchers detected how it spreads as well. The Philadelphia ransomware uses a fake governmental notice that pretends to be a scanned document from the financial ministry of Brazil. This immediately gives a hint that this virus may be spread onto Portuguese speaking countries. The Philadelphia ransomware also attacked a wide variety of file types that it rendered no longer openable:


After encrypting the files of users, Philadelphia completely changes their names with random A-Z 0-9 names and changes the extension to .locked. Users who were left with no choice but to pay the ransom until now.

Furthermore, Philadelphia ransomware besides being part of the Stampado ransomware variants, also uses a very interesting type off command and control server, having a so-called “Give Mercy” button that unlocks the files for free.

Philadelphia Ransomware – Removal and Decryption Instructions

Before deciphering your files with the tool, created by Fabian Wosar, a researcher from EmsiSoft, we strongly recommend removing Philadelphia first. One way to do this is by following these removal instructions

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share