Decrypt Files Encrypted by Ransomware Part 5 (April 2017) - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by Ransomware Part 5 (April 2017)

This article will help you decrypt files encrypted by SureRansom, unCrypte, Globe .1, CryptoShield, SuchSecurity, Kaenlupuf viruses.

The ever-changing ransomware scenery has seen newer distribution techniques, many new viruses and even evolved doxware infections for mobile phones. The ransomware infections are now using services such as Dropbox in which the criminals upload malicious files and post the download link In e-mails instead of uploading e-mail attachments in archives. Instead, different types of files, such as executable SFX archives that are modified to cause infection by auto extracting malicious files. One thing hasn’t changed much however and this is the encryption algorithm. There are still many ransomware viruses that were successfully decrypted in time and we are posting our 5th update with links to decryption instructions of those viruses. If you are interested in looking for more decryptable viruses, feel free to visit our previous 4 parts of decryption updates in the frame below:

Decrypt Files Encrypted by Ransomware Viruses Part 1
Decrypt Files Encrypted by Ransomware Viruses Part 2
Decrypt Files Encrypted by Ransomware Viruses Part 3
Decrypt Files Encrypted by Ransomware Viruses Part 4

SureRansom Virus Decryption

A virus that also has a lockscreen which was detected at the end of January 2017. The virus demands 50 GBP of ransom payoff to cyber-crooks and it claims to use AES-256 for file encryption. It adds a lockscreen which offers a decryption key purchasing online. The ransomware also uses scare tactics to deceive users that their hard drive has been encrypted:

Decryption Instructions Link:
SureRansom Virus Remove and Unlock Your PC CryptConsole Ransomware Decryption

A ransomware virus using the email, also known as CryptConsole ransomware has been reported in the end of January. The virus uses “How decrypt files.hta” ransom note and completely changed names of the encrypted files:

Victims are demanded to pay the sum of 0.25 BTC to get the encrypted files restored back to normal.

Decryption Instructions Link:
Decrypt Files Encrypted by CryptConsole Virus

Globe v3 .1 File Extension Decryption

A variant of the 3rd iteration of Globe ransomware, this virus has been reported to use the .1 file extension which it adds to the encrypted files. There are many variants of globe ransomware, suggesting the virus is available on the deep web for download. Whatever the case may be, researchers have come up with a decrypter for all versions (v1, v2 and v3), which you can find below.

Decryption Instructions:
Globe v3 .1 Decryption Instructions

CryptoShield Ransomware Decryption

A variant of the notorious CryptoMix virus, this ransomware uses CryptoWall’s ransom note where it claims to use an AES cipher for the encrypted files and RSA for generating decryption keys. Despite this, the virus came in several different versions, suggesting the criminals behind it are attempting to make improvements or fix something within it. Thanks to malware researcher Jakub Kroustek, some instances of CryptoShield ransomware, using the .cryptoshield file extension can now be successfully decrypted.

Decryption Instructions Link
Decrypt Files Encrypted by CryptoShield Ransomware (Updated CryptoMix)

“Such Security” Ransomware Decryption

A ransomware using the Doge meme to display it’s ransom screen and the .locked file extension, has been spotted to infect terminals in public buildings. Eventually this led to it being researched and later confirmed to be a variant of the open source EDA2 ransomware project. This project includes ransomware source code which is also decryptable.

A web link for the decryption instructions can be located below:

Decryption Instructions Link
Decrypt .locked Files Encrypted by “Such Security, Many Haxx” Virus

Your Windows Has Been Banned(Blocked) Virus – Decryption

A virus that has been detected and published by Microsoft cyber-security experts to lock the screen of the infected computer and display an error message similar to the Windows blue screen of death (BSOD).

The virus then demands victims to pay a hefty ransom fee of 200$ via PayPal to get the screen unlocked again.

However, the malware writers have left behind the unlock code for this virus in it’s source code and we have instructions on how to unlock it below.

Kaenlupuf Ransomware (Decrypt Files)

A ransomware virus detected to be oriented towards Malaysian speaking users. Claims to use AES-128 encryption algorithm and is In version 1.0b. The virus uses the fake name Microsoft Network Realtime Inspection Service and multiple others besides it. This virus is also believed to drop multiple executables on the infected computer:

  • Netsvc.exe
  • Kaenlupuf-note
  • Ajaw-rsa.exe

The ransomware also drops a note in which it is identified as Lu Punya file virus:

Decryption instructions of this virus can be located down below.

Decryption Instructions Link
Kaenlupuf Ransomware (Decrypt Files)


These are some of the many ransomware viruses out there that were decrypted. Fortunately malware researchers are constantly adding new decryptors for ransomware viruses and we will track them and make sure to update with more parts to come in the future, so make sure you also follow us on Twitter and Google+, it is easier than having to check our blog every time for new developments. Also we update the research articles very regularly so you can check them often to see if there is development for your particular ransomware infection, if you are a victim or someone who provides assistance.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share