Decrypt Files Encrypted by Ransomware Viruses Part 1 - How to, Technology and PC Security Forum | SensorsTechForum.com

Decrypt Files Encrypted by Ransomware Viruses Part 1

decrypt-ransomware-files-sensorstechforumMalware of the file encryption character also known as ransomware has been causing quite the stir and it is no secret that the encryption these threats use may take tens if not hundreds of years to factorize and decrypt files unless a key is discovered or there is a bug in the malware itself. This was the case with these “fallen” ransomware viruses which can now be decrypted for free. In this article, we are going to display to you the latest viruses that are available for free decryption and If you find the virus that has attacked your device, we urge you to click on the decryption instructions in the red squares underneath it. We have also included a quick background of the viruses themselves to help you better identify them. Let’s begin!

Update! Decrypters for more viruses have been released. More information in the following article.

Cerber Ransomware Decryptor

A very nasty crypto-virus that was distributed via malicious URLs and file attachments via spammed and phishing e-mails. The first version of the virus, now decryptable requests from users to pay the sum of approximately 500 US dollars in BTC in order for its decryption service. The Cerber virus has also been the reasons of reports by users from all over the world for massive infections. It is using an extremely strong AES encryption algorithm to encrypt files. As soon as the decryptor for this virus was released, researchers have established that a second variant, named Cerber 2 has come out to infect and encrypt at the same if not higher rate.

Cerber Ransowmware Decryption Instructions

Jigsaw Ransomware Decryptor

The Jigsaw ransomware was first detected around the beginning of April and it is as twisted as the movie Jigsaw is, threatening to delete files on every hour to “motivate” its victims to pay the ransom money. The virus supports over 120 types of file extensions which it encrypts after which locks the screen of the infected machine. Later on, many variants of this virus came out, suggesting it was sold as a service (RaaS) in the Deep Web. Fortunately, a decryptor has been released for the JigSaw ransomware, instructions for which you can find in the red frame below.

Jigsaw Ransomware Decryption Instructions

TeslaCrypt Decryptor

TeslaCrypt is a virus that came with a “bang” infecting a massive amount of machines. But it’s reign was short since few months after it and its many variants begun infecting user PCs, a free master decryption key was released out to the public. Since then, researchers have made a decryptor, allowing victims of all variants of TeslaCrypt, besides the .vvv file extension variant to be decrypted:

TeslaCrypt Decryption Instructions

Nemucod Ransomware Decryptor

Nemucod is one of the ransomware viruses which are enjoying a new trend, being released in JavaScript. This fileless method of distribution of ransomware virus was reported to affect users on a global scale. The virus was reported to also use a very strong cipher and extort its victims for 200$ for them to get access to their files again. Fortunately, Emsisoft have come up with a free decryptor, and you can find the instructions to recover your files below:

Nemucod Ransomware Decryption Instructions

HiddenTear Variants Decryptor

The open source HiddenTear project became the opportunity for multiple malware writers that were motivated to code their ransomware versions and make money. DA2, BankAccountSummary, Mireware, 8lock8 are just some of the variants for which you can find decryption available thanks to the malware researchers demonslay335 and Michael Gilepsie:

HiddenTear Ransomware Decryption Instructions

AutoLocky Ransomware Decryptor

As soon as the AutoLocky variant started infecting users, it immediately became evident that this type of malware aims to copy the big fish in ransomware – Locky ransomware. It even uses Locky’s ransom note as well as its file extension – .locky. The virus demands 0.75 BTC as a ransom payoff from users, but luckily, now there is a decryption available.

AutoLocky Decryption Instructions

Decrypting the Files – Conclusion

As a bottom line, we advise users that have been infected with these viruses carefully to follow the tailor-made instructions in the decryption manuals to successfully salvage their files. More importantly, we recommend focusing on protection rather than trying to restore your files because you may be lucky at this moment since a decryption is available, but there are many ransomware viruses out there whose files cannot be successfully decoded.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

1 Comment

  1. Jesus David Guerra

    no he podido encontrar ninguna forma de desencriptar mis archivos, que han sido encriptados y añadidos con la siguiente extencion ([[email protected]].wallet)

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.