The ever-changing ransomware scenery has seen newer distribution techniques, many new viruses and even evolved doxware infections for mobile phones. The ransomware infections are now using services such as Dropbox in which the criminals upload malicious files and post the download link In e-mails instead of uploading e-mail attachments in archives. Instead, different types of files, such as executable SFX archives that are modified to cause infection by auto extracting malicious files. One thing hasn’t changed much however and this is the encryption algorithm. There are still many ransomware viruses that were successfully decrypted in time and we are posting our 5th update with links to decryption instructions of those viruses. If you are interested in looking for more decryptable viruses, feel free to visit our previous 4 parts of decryption updates in the frame below:
Decrypt Files Encrypted by Ransomware Viruses Part 1
Decrypt Files Encrypted by Ransomware Viruses Part 2
Decrypt Files Encrypted by Ransomware Viruses Part 3
Decrypt Files Encrypted by Ransomware Viruses Part 4
SureRansom Virus Decryption
A virus that also has a lockscreen which was detected at the end of January 2017. The virus demands 50 GBP of ransom payoff to cyber-crooks and it claims to use AES-256 for file encryption. It adds a lockscreen which offers a decryption key purchasing online. The ransomware also uses scare tactics to deceive users that their hard drive has been encrypted:
unCrypte@outlook.com CryptConsole Ransomware Decryption
A ransomware virus using the unCrypte@outlook.com email, also known as CryptConsole ransomware has been reported in the end of January. The virus uses “How decrypt files.hta” ransom note and completely changed names of the encrypted files:
Victims are demanded to pay the sum of 0.25 BTC to get the encrypted files restored back to normal.
Globe v3 .1 File Extension Decryption
A variant of the 3rd iteration of Globe ransomware, this virus has been reported to use the .1 file extension which it adds to the encrypted files. There are many variants of globe ransomware, suggesting the virus is available on the deep web for download. Whatever the case may be, researchers have come up with a decrypter for all versions (v1, v2 and v3), which you can find below.
CryptoShield Ransomware Decryption
A variant of the notorious CryptoMix virus, this ransomware uses CryptoWall’s ransom note where it claims to use an AES cipher for the encrypted files and RSA for generating decryption keys. Despite this, the virus came in several different versions, suggesting the criminals behind it are attempting to make improvements or fix something within it. Thanks to malware researcher Jakub Kroustek, some instances of CryptoShield ransomware, using the .cryptoshield file extension can now be successfully decrypted.
“Such Security” Ransomware Decryption
A ransomware using the Doge meme to display it’s ransom screen and the .locked file extension, has been spotted to infect terminals in public buildings. Eventually this led to it being researched and later confirmed to be a variant of the open source EDA2 ransomware project. This project includes ransomware source code which is also decryptable.
A web link for the decryption instructions can be located below:
Your Windows Has Been Banned(Blocked) Virus – Decryption
A virus that has been detected and published by Microsoft cyber-security experts to lock the screen of the infected computer and display an error message similar to the Windows blue screen of death (BSOD).
The virus then demands victims to pay a hefty ransom fee of 200$ via PayPal to get the screen unlocked again.
However, the malware writers have left behind the unlock code for this virus in it’s source code and we have instructions on how to unlock it below.
Kaenlupuf Ransomware (Decrypt Files)
A ransomware virus detected to be oriented towards Malaysian speaking users. Claims to use AES-128 encryption algorithm and is In version 1.0b. The virus uses the fake name Microsoft Network Realtime Inspection Service and multiple others besides it. This virus is also believed to drop multiple executables on the infected computer:
The ransomware also drops a note in which it is identified as Lu Punya file virus:
Decryption instructions of this virus can be located down below.
These are some of the many ransomware viruses out there that were decrypted. Fortunately malware researchers are constantly adding new decryptors for ransomware viruses and we will track them and make sure to update with more parts to come in the future, so make sure you also follow us on Twitter and Google+, it is easier than having to check our blog every time for new developments. Also we update the research articles very regularly so you can check them often to see if there is development for your particular ransomware infection, if you are a victim or someone who provides assistance.